# Flog Txt Version 1 # Analyzer Version: 2.3.2 # Analyzer Build Date: Nov 22 2018 14:27:27 # Log Creation Date: 28.11.2018 08:28:29.153 Process: id = "1" image_name = "sf.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sf.exe" page_root = "0x45623000" os_pid = "0x9dc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ea88" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4 start_va = 0x140000 end_va = 0x17dfff entry_point = 0x140000 region_type = mapped_file name = "sf.exe" filename = "\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sf.exe") Region: id = 5 start_va = 0x1a0000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 6 start_va = 0x77670000 end_va = 0x77818fff entry_point = 0x77670000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 8 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9 start_va = 0x7feff990000 end_va = 0x7feff990fff entry_point = 0x7feff990000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 10 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 11 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 12 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 147 start_va = 0x340000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 148 start_va = 0x77550000 end_va = 0x7766efff entry_point = 0x77550000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 149 start_va = 0x7fef31d0000 end_va = 0x7fef323efff entry_point = 0x7fef31d0000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 150 start_va = 0x7fefd920000 end_va = 0x7fefd98afff entry_point = 0x7fefd920000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 151 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 152 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 153 start_va = 0x3c0000 end_va = 0x4bffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 154 start_va = 0x530000 end_va = 0x53ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 155 start_va = 0x690000 end_va = 0x70ffff entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 156 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 157 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 158 start_va = 0x7fefdb10000 end_va = 0x7fefdbaefff entry_point = 0x7fefdb10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 159 start_va = 0x7fefe330000 end_va = 0x7fefe34efff entry_point = 0x7fefe330000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 160 start_va = 0x7feff740000 end_va = 0x7feff81afff entry_point = 0x7feff740000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 161 start_va = 0x7feff820000 end_va = 0x7feff94cfff entry_point = 0x7feff820000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 162 start_va = 0x540000 end_va = 0x63ffff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 163 start_va = 0x670000 end_va = 0x67ffff entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 164 start_va = 0x7fef3060000 end_va = 0x7fef30f8fff entry_point = 0x7fef3060000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 165 start_va = 0x77450000 end_va = 0x77549fff entry_point = 0x77450000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 166 start_va = 0x7fefdc90000 end_va = 0x7fefdcf6fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 167 start_va = 0x7fefdd00000 end_va = 0x7fefddc8fff entry_point = 0x7fefdd00000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 168 start_va = 0x7fefe350000 end_va = 0x7fefe35dfff entry_point = 0x7fefe350000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 169 start_va = 0x7feff2e0000 end_va = 0x7feff350fff entry_point = 0x7feff2e0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 170 start_va = 0x710000 end_va = 0x897fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 171 start_va = 0x7fefe0a0000 end_va = 0x7fefe1a8fff entry_point = 0x7fefe0a0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 172 start_va = 0x7feff950000 end_va = 0x7feff97dfff entry_point = 0x7feff950000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 173 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 174 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 175 start_va = 0x8a0000 end_va = 0xa20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 176 start_va = 0xa30000 end_va = 0x1e2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 177 start_va = 0x7fefc780000 end_va = 0x7fefc78bfff entry_point = 0x7fefc780000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 178 start_va = 0x7fef25d0000 end_va = 0x7fef26c6fff entry_point = 0x7fef25d0000 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\System32\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll") Region: id = 179 start_va = 0x7fef26d0000 end_va = 0x7fef3056fff entry_point = 0x7fef26d0000 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 180 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 181 start_va = 0xe0000 end_va = 0xeffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 182 start_va = 0xf0000 end_va = 0xfffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 183 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 184 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 185 start_va = 0x1ed0000 end_va = 0x1f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 186 start_va = 0x1ff0000 end_va = 0x206ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 187 start_va = 0x2090000 end_va = 0x218ffff entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 188 start_va = 0x2190000 end_va = 0x1a18ffff entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 189 start_va = 0x1a190000 end_va = 0x1a4fffff entry_point = 0x0 region_type = private name = "private_0x000000001a190000" filename = "" Region: id = 190 start_va = 0x1a500000 end_va = 0x1a600fff entry_point = 0x0 region_type = private name = "private_0x000000001a500000" filename = "" Region: id = 191 start_va = 0x1a690000 end_va = 0x1a78ffff entry_point = 0x0 region_type = private name = "private_0x000000001a690000" filename = "" Region: id = 192 start_va = 0x1a810000 end_va = 0x1a90ffff entry_point = 0x0 region_type = private name = "private_0x000000001a810000" filename = "" Region: id = 193 start_va = 0x1a910000 end_va = 0x1aa0ffff entry_point = 0x0 region_type = private name = "private_0x000000001a910000" filename = "" Region: id = 194 start_va = 0x1aa10000 end_va = 0x1acdefff entry_point = 0x1aa10000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 195 start_va = 0x7fe92f70000 end_va = 0x7fe92f7ffff entry_point = 0x0 region_type = private name = "private_0x000007fe92f70000" filename = "" Region: id = 196 start_va = 0x7fe92f80000 end_va = 0x7fe92f8ffff entry_point = 0x0 region_type = private name = "private_0x000007fe92f80000" filename = "" Region: id = 197 start_va = 0x7fe92f90000 end_va = 0x7fe9301ffff entry_point = 0x0 region_type = private name = "private_0x000007fe92f90000" filename = "" Region: id = 198 start_va = 0x7fe93020000 end_va = 0x7fe9308ffff entry_point = 0x0 region_type = private name = "private_0x000007fe93020000" filename = "" Region: id = 199 start_va = 0x7fef1100000 end_va = 0x7fef25c8fff entry_point = 0x7fef1100000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\70690ed034c632a010f791ea65e40064\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\70690ed034c632a010f791ea65e40064\\mscorlib.ni.dll") Region: id = 200 start_va = 0x7fefddf0000 end_va = 0x7fefdff2fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 201 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 202 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 203 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 204 start_va = 0x2a0000 end_va = 0x31cfff entry_point = 0x2a0000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 205 start_va = 0x2a0000 end_va = 0x31cfff entry_point = 0x2a0000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 206 start_va = 0x7fefd4b0000 end_va = 0x7fefd4befff entry_point = 0x7fefd4b0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 207 start_va = 0x7fefbf10000 end_va = 0x7fefbf65fff entry_point = 0x7fefbf10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 208 start_va = 0x1ace0000 end_va = 0x1ae6ffff entry_point = 0x0 region_type = private name = "private_0x000000001ace0000" filename = "" Region: id = 209 start_va = 0x1ace0000 end_va = 0x1adbefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001ace0000" filename = "" Region: id = 210 start_va = 0x1adf0000 end_va = 0x1ae6ffff entry_point = 0x0 region_type = private name = "private_0x000000001adf0000" filename = "" Region: id = 211 start_va = 0x7fe93090000 end_va = 0x7fe9309ffff entry_point = 0x0 region_type = private name = "private_0x000007fe93090000" filename = "" Region: id = 212 start_va = 0x7fe930a0000 end_va = 0x7fe930dffff entry_point = 0x0 region_type = private name = "private_0x000007fe930a0000" filename = "" Region: id = 213 start_va = 0x7fffff00000 end_va = 0x7fffff0ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff00000" filename = "" Region: id = 214 start_va = 0x7fffff10000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffff10000" filename = "" Region: id = 215 start_va = 0x7fef0ff0000 end_va = 0x7fef10f7fff entry_point = 0x7fef0ff0000 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 216 start_va = 0x7fefdbb0000 end_va = 0x7fefdc86fff entry_point = 0x7fefdbb0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 217 start_va = 0x120000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 218 start_va = 0x180000 end_va = 0x19dfff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 219 start_va = 0x1b010000 end_va = 0x1b08ffff entry_point = 0x0 region_type = private name = "private_0x000000001b010000" filename = "" Region: id = 220 start_va = 0x1b180000 end_va = 0x1b27ffff entry_point = 0x0 region_type = private name = "private_0x000000001b180000" filename = "" Region: id = 221 start_va = 0x1b2b0000 end_va = 0x1b3affff entry_point = 0x0 region_type = private name = "private_0x000000001b2b0000" filename = "" Region: id = 222 start_va = 0x7ffffefe000 end_va = 0x7ffffefffff entry_point = 0x0 region_type = private name = "private_0x000007ffffefe000" filename = "" Region: id = 223 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 224 start_va = 0x1b400000 end_va = 0x1b4fffff entry_point = 0x0 region_type = private name = "private_0x000000001b400000" filename = "" Region: id = 225 start_va = 0x7feef300000 end_va = 0x7fef01dffff entry_point = 0x7feef300000 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\6e89f5768c30e6d5cc74a6b198f437ce\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\6e89f5768c30e6d5cc74a6b198f437ce\\system.windows.forms.ni.dll") Region: id = 226 start_va = 0x7fef01e0000 end_va = 0x7fef03c9fff entry_point = 0x7fef01e0000 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\839ea0590195c34c0b0054db5a9c3513\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\839ea0590195c34c0b0054db5a9c3513\\system.drawing.ni.dll") Region: id = 227 start_va = 0x7fef03d0000 end_va = 0x7fef0fe2fff entry_point = 0x7fef03d0000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\76e0ae2162ace0d6430ce89ffdf32afa\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\76e0ae2162ace0d6430ce89ffdf32afa\\system.ni.dll") Region: id = 228 start_va = 0x7fefceb0000 end_va = 0x7fefcec6fff entry_point = 0x7fefceb0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 229 start_va = 0x7ffffefc000 end_va = 0x7ffffefdfff entry_point = 0x0 region_type = private name = "private_0x000007ffffefc000" filename = "" Region: id = 230 start_va = 0x7fefcbb0000 end_va = 0x7fefcbf6fff entry_point = 0x7fefcbb0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 231 start_va = 0x7fefe360000 end_va = 0x7feff0e7fff entry_point = 0x7fefe360000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 232 start_va = 0x130000 end_va = 0x130fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 233 start_va = 0x7fe930e0000 end_va = 0x7fe930effff entry_point = 0x0 region_type = private name = "private_0x000007fe930e0000" filename = "" Region: id = 234 start_va = 0x7feee740000 end_va = 0x7feee963fff entry_point = 0x7feee740000 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\0fe7d8efc42d59706fc969c7073faa21\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\0fe7d8efc42d59706fc969c7073faa21\\microsoft.visualbasic.ni.dll") Region: id = 235 start_va = 0x7feee970000 end_va = 0x7feef2f5fff entry_point = 0x7feee970000 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\0b543c6391a29ab6773dc4ad0da611f2\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\0b543c6391a29ab6773dc4ad0da611f2\\system.core.ni.dll") Region: id = 236 start_va = 0x7fef3650000 end_va = 0x7fef3665fff entry_point = 0x7fef3650000 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\nlssorting.dll") Region: id = 237 start_va = 0x1b500000 end_va = 0x1b7d1fff entry_point = 0x1b500000 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\sortdefault.nlp") Region: id = 238 start_va = 0x7fefd020000 end_va = 0x7fefd041fff entry_point = 0x7fefd020000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 239 start_va = 0x1b870000 end_va = 0x1b96ffff entry_point = 0x0 region_type = private name = "private_0x000000001b870000" filename = "" Region: id = 240 start_va = 0x1b9c0000 end_va = 0x1babffff entry_point = 0x0 region_type = private name = "private_0x000000001b9c0000" filename = "" Region: id = 241 start_va = 0x7ffffef8000 end_va = 0x7ffffef9fff entry_point = 0x0 region_type = private name = "private_0x000007ffffef8000" filename = "" Region: id = 242 start_va = 0x7ffffefa000 end_va = 0x7ffffefbfff entry_point = 0x0 region_type = private name = "private_0x000007ffffefa000" filename = "" Region: id = 339 start_va = 0x2a0000 end_va = 0x2b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 340 start_va = 0x2c0000 end_va = 0x2c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 341 start_va = 0x1e30000 end_va = 0x1ecafff entry_point = 0x1e30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 342 start_va = 0x1e30000 end_va = 0x1ecafff entry_point = 0x1e30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 343 start_va = 0x7fef4920000 end_va = 0x7fef49bffff entry_point = 0x7fef4920000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 344 start_va = 0x1ae70000 end_va = 0x1af3ffff entry_point = 0x0 region_type = private name = "private_0x000000001ae70000" filename = "" Region: id = 345 start_va = 0x1bac0000 end_va = 0x1bbbffff entry_point = 0x0 region_type = private name = "private_0x000000001bac0000" filename = "" Region: id = 346 start_va = 0x1bbc0000 end_va = 0x1bdaffff entry_point = 0x1bbc0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 347 start_va = 0x1bbc0000 end_va = 0x1bdaffff entry_point = 0x1bbc0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 348 start_va = 0x7fefc0f0000 end_va = 0x7fefc2e3fff entry_point = 0x7fefc0f0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 349 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x2d0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 350 start_va = 0x2e0000 end_va = 0x2e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 505 start_va = 0x7fe930f0000 end_va = 0x7fe930fffff entry_point = 0x0 region_type = private name = "private_0x000007fe930f0000" filename = "" Region: id = 506 start_va = 0x7fefbcf0000 end_va = 0x7fefbf04fff entry_point = 0x7fefbcf0000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 507 start_va = 0x1bbc0000 end_va = 0x1bd6ffff entry_point = 0x0 region_type = private name = "private_0x000000001bbc0000" filename = "" Region: id = 508 start_va = 0x2f0000 end_va = 0x30afff entry_point = 0x2f0000 region_type = mapped_file name = "gdipfontcachev1.dat" filename = "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat") Region: id = 509 start_va = 0x1bde0000 end_va = 0x1bedffff entry_point = 0x0 region_type = private name = "private_0x000000001bde0000" filename = "" Region: id = 510 start_va = 0x7ffffef6000 end_va = 0x7ffffef7fff entry_point = 0x0 region_type = private name = "private_0x000007ffffef6000" filename = "" Region: id = 511 start_va = 0x1bbc0000 end_va = 0x1bcbffff entry_point = 0x0 region_type = private name = "private_0x000000001bbc0000" filename = "" Region: id = 512 start_va = 0x1bd60000 end_va = 0x1bd6ffff entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 513 start_va = 0x1ae70000 end_va = 0x1af1afff entry_point = 0x1ae70000 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 514 start_va = 0x1af30000 end_va = 0x1af3ffff entry_point = 0x0 region_type = private name = "private_0x000000001af30000" filename = "" Region: id = 515 start_va = 0x1ae70000 end_va = 0x1af1afff entry_point = 0x1ae70000 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 516 start_va = 0x1bee0000 end_va = 0x1d388fff entry_point = 0x1bee0000 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 517 start_va = 0x1bee0000 end_va = 0x1d388fff entry_point = 0x1bee0000 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 518 start_va = 0x1bee0000 end_va = 0x1d3a2fff entry_point = 0x1bee0000 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 519 start_va = 0x1bee0000 end_va = 0x1d3a2fff entry_point = 0x1bee0000 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 520 start_va = 0x1bee0000 end_va = 0x1c302fff entry_point = 0x1bee0000 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 521 start_va = 0x1bee0000 end_va = 0x1c302fff entry_point = 0x1bee0000 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 522 start_va = 0x1c310000 end_va = 0x1c50ffff entry_point = 0x0 region_type = private name = "private_0x000000001c310000" filename = "" Region: id = 523 start_va = 0x1e30000 end_va = 0x1ecffff entry_point = 0x1e30000 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 524 start_va = 0x1e30000 end_va = 0x1ecffff entry_point = 0x1e30000 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 525 start_va = 0x1e30000 end_va = 0x1eaefff entry_point = 0x1e30000 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 526 start_va = 0x1e30000 end_va = 0x1eaefff entry_point = 0x1e30000 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 527 start_va = 0x7fe93100000 end_va = 0x7fe9310ffff entry_point = 0x0 region_type = private name = "private_0x000007fe93100000" filename = "" Region: id = 528 start_va = 0x2d0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 529 start_va = 0x4c0000 end_va = 0x521fff entry_point = 0x4c0000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscorrc.dll") Region: id = 530 start_va = 0x7fefb970000 end_va = 0x7fefba99fff entry_point = 0x7fefb970000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 531 start_va = 0x1bee0000 end_va = 0x1bfdffff entry_point = 0x0 region_type = private name = "private_0x000000001bee0000" filename = "" Region: id = 532 start_va = 0x2f0000 end_va = 0x31cfff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 533 start_va = 0x1bfe0000 end_va = 0x1c0dffff entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 534 start_va = 0x1c510000 end_va = 0x1ce3ffff entry_point = 0x1c510000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 535 start_va = 0x320000 end_va = 0x320fff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 536 start_va = 0x7fefbae0000 end_va = 0x7fefbaf7fff entry_point = 0x7fefbae0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 537 start_va = 0x330000 end_va = 0x336fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 538 start_va = 0x640000 end_va = 0x641fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 539 start_va = 0x1ce40000 end_va = 0x1d232fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001ce40000" filename = "" Region: id = 540 start_va = 0x650000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 541 start_va = 0x660000 end_va = 0x66ffff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 542 start_va = 0x680000 end_va = 0x68ffff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 543 start_va = 0x650000 end_va = 0x651fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 544 start_va = 0x650000 end_va = 0x650fff entry_point = 0x650000 region_type = mapped_file name = "msctf.dll.mui" filename = "\\Windows\\System32\\en-US\\msctf.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msctf.dll.mui") Region: id = 545 start_va = 0x660000 end_va = 0x661fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 546 start_va = 0x660000 end_va = 0x660fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 547 start_va = 0x7fefe000000 end_va = 0x7fefe098fff entry_point = 0x7fefe000000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 548 start_va = 0x680000 end_va = 0x680fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 549 start_va = 0x1e30000 end_va = 0x1e39fff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 550 start_va = 0x7fefd5a0000 end_va = 0x7fefd5b3fff entry_point = 0x7fefd5a0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 551 start_va = 0x1d2a0000 end_va = 0x1d39ffff entry_point = 0x0 region_type = private name = "private_0x000000001d2a0000" filename = "" Region: id = 552 start_va = 0x7ffffef4000 end_va = 0x7ffffef5fff entry_point = 0x0 region_type = private name = "private_0x000007ffffef4000" filename = "" Region: id = 553 start_va = 0x1e40000 end_va = 0x1e74fff entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 554 start_va = 0x1e30000 end_va = 0x1e44fff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 555 start_va = 0x1e50000 end_va = 0x1e7dfff entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 556 start_va = 0x1e80000 end_va = 0x1eacfff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 557 start_va = 0x1eb0000 end_va = 0x1eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 558 start_va = 0x1e50000 end_va = 0x1e65fff entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 559 start_va = 0x1b0f0000 end_va = 0x1b1effff entry_point = 0x0 region_type = private name = "private_0x000000001b0f0000" filename = "" Region: id = 560 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 561 start_va = 0x1e50000 end_va = 0x1e84fff entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 562 start_va = 0x1e50000 end_va = 0x1e7dfff entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 563 start_va = 0x1e80000 end_va = 0x1eacfff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 564 start_va = 0x1e50000 end_va = 0x1e65fff entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 565 start_va = 0x1e50000 end_va = 0x1e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Thread: id = 1 os_tid = 0x9e0 [0095.364] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0099.469] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe", nBufferLength=0x105, lpBuffer=0x29d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe", lpFilePart=0x0) returned 0x2c [0099.507] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe", nBufferLength=0x105, lpBuffer=0x29d160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe", lpFilePart=0x0) returned 0x2c [0099.583] VirtualProtect (in: lpAddress=0x142000, dwSize=0xe3d4, flNewProtect=0x40, lpflOldProtect=0x29da90 | out: lpflOldProtect=0x29da90*=0x80) returned 1 [0100.979] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe", nBufferLength=0x105, lpBuffer=0x29d190, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe", lpFilePart=0x0) returned 0x2c [0100.979] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe", nBufferLength=0x105, lpBuffer=0x29d000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe", lpFilePart=0x0) returned 0x2c [0100.991] VirtualProtect (in: lpAddress=0x140188, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x2) returned 1 [0101.031] VirtualProtect (in: lpAddress=0x1401b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.031] VirtualProtect (in: lpAddress=0x1401d8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.031] VirtualProtect (in: lpAddress=0x140200, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.031] VirtualProtect (in: lpAddress=0x140228, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.032] VirtualProtect (in: lpAddress=0x152000, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x20) returned 1 [0101.032] VirtualProtect (in: lpAddress=0x15281c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.032] VirtualProtect (in: lpAddress=0x152840, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.032] VirtualProtect (in: lpAddress=0x152848, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.032] VirtualProtect (in: lpAddress=0x15284c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.032] VirtualProtect (in: lpAddress=0x152854, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.032] VirtualProtect (in: lpAddress=0x152858, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.032] VirtualProtect (in: lpAddress=0x15285c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.032] VirtualProtect (in: lpAddress=0x152860, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.032] VirtualProtect (in: lpAddress=0x152868, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.033] VirtualProtect (in: lpAddress=0x15286c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.033] VirtualProtect (in: lpAddress=0x152870, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.033] VirtualProtect (in: lpAddress=0x152878, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.033] VirtualProtect (in: lpAddress=0x15287c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.033] VirtualProtect (in: lpAddress=0x152880, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.033] VirtualProtect (in: lpAddress=0x152888, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.033] VirtualProtect (in: lpAddress=0x15288c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.033] VirtualProtect (in: lpAddress=0x152890, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.033] VirtualProtect (in: lpAddress=0x152898, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.033] VirtualProtect (in: lpAddress=0x15289c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.033] VirtualProtect (in: lpAddress=0x1528a0, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.034] VirtualProtect (in: lpAddress=0x1528a4, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.034] VirtualProtect (in: lpAddress=0x1528ac, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.034] VirtualProtect (in: lpAddress=0x1528b0, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.034] VirtualProtect (in: lpAddress=0x1528b4, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.034] VirtualProtect (in: lpAddress=0x1528bc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.034] VirtualProtect (in: lpAddress=0x1528c0, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x29dac8 | out: lpflOldProtect=0x29dac8*=0x40) returned 1 [0101.363] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x29cf70, nSize=0x80 | out: lpBuffer="\x9ff") returned 0x0 [0105.968] CoTaskMemAlloc (cb=0x20c) returned 0x1a94c490 [0105.968] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x1a94c490 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0105.970] CoTaskMemFree (pv=0x1a94c490) [0105.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x29ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0105.982] CoTaskMemAlloc (cb=0x20c) returned 0x1a94c490 [0105.982] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1a94c490 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0105.983] CoTaskMemFree (pv=0x1a94c490) [0105.983] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0105.983] CoTaskMemAlloc (cb=0x20c) returned 0x1a94c490 [0105.983] SHGetFolderPathW (in: hwnd=0x0, csidl=17, hToken=0x0, dwFlags=0x0, pszPath=0x1a94c490 | out: pszPath="\x8e\x3a\x5c\x55\x73\x65\x72\x73\x5c\x35\x70\x35\x4e\x72\x47\x4a\x6e\x30\x6a\x53\x20\x48\x41\x4c\x50\x6d\x63\x78\x7a\x5c\x44\x65\x73\x6b\x74\x6f\x70") returned 0x80004005 [0105.984] CoTaskMemFree (pv=0x1a94c490) [0105.994] CoTaskMemAlloc (cb=0x20c) returned 0x1a94c490 [0105.994] SHGetFolderPathW (in: hwnd=0x0, csidl=16, hToken=0x0, dwFlags=0x0, pszPath=0x1a94c490 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0105.995] CoTaskMemFree (pv=0x1a94c490) [0105.995] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0105.995] CoTaskMemAlloc (cb=0x20c) returned 0x1a94c490 [0105.995] SHGetFolderPathW (in: hwnd=0x0, csidl=6, hToken=0x0, dwFlags=0x0, pszPath=0x1a94c490 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned 0x0 [0105.996] CoTaskMemFree (pv=0x1a94c490) [0105.996] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", nBufferLength=0x105, lpBuffer=0x29ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpFilePart=0x0) returned 0x27 [0105.996] CoTaskMemAlloc (cb=0x20c) returned 0x1a94c490 [0105.996] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1a94c490 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0105.997] CoTaskMemFree (pv=0x1a94c490) [0105.997] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x29ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0105.997] CoTaskMemAlloc (cb=0x20c) returned 0x1a94c490 [0105.997] SHGetFolderPathW (in: hwnd=0x0, csidl=13, hToken=0x0, dwFlags=0x0, pszPath=0x1a94c490 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned 0x0 [0105.998] CoTaskMemFree (pv=0x1a94c490) [0105.998] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", nBufferLength=0x105, lpBuffer=0x29ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpFilePart=0x0) returned 0x23 [0105.998] CoTaskMemAlloc (cb=0x20c) returned 0x1a94c490 [0105.998] SHGetFolderPathW (in: hwnd=0x0, csidl=34, hToken=0x0, dwFlags=0x0, pszPath=0x1a94c490 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x0 [0105.999] CoTaskMemFree (pv=0x1a94c490) [0105.999] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History", nBufferLength=0x105, lpBuffer=0x29ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History", lpFilePart=0x0) returned 0x45 [0105.999] CoTaskMemAlloc (cb=0x20c) returned 0x1a94c490 [0105.999] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1a94c490 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0105.999] CoTaskMemFree (pv=0x1a94c490) [0105.999] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x29ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0106.329] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x29d1d0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0106.360] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x29d1d0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0106.360] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x29d1d0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0106.361] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x29d1d0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0106.361] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x29d1d0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0106.361] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x29d1d0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0106.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8d0) returned 1 [0106.681] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0106.682] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0106.683] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x29e570 | out: lpFindFileData=0x29e570) returned 0x1a95fe50 [0106.694] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.695] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.695] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.695] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.695] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.695] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.695] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.696] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.696] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.696] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.696] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.696] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.697] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.697] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.697] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.697] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.697] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.697] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.697] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.698] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.698] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.698] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.698] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.698] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.698] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.699] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.699] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.699] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.699] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.699] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.699] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.699] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.700] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.700] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.700] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.700] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.700] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.700] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.701] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0106.701] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0 [0106.701] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0106.701] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e820) returned 1 [0106.701] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7e0) returned 1 [0106.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.730] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.730] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.730] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.txt", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.734] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.734] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.734] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.doc", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0x1a95fe50 [0106.734] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0106.734] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0106.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.763] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc", nBufferLength=0x105, lpBuffer=0x29e160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc", lpFilePart=0x0) returned 0x45 [0106.763] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e640) returned 1 [0106.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\-vgkuylzonjz.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x24c [0106.764] GetFileType (hFile=0x24c) returned 0x1 [0106.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e5b0) returned 1 [0106.764] GetFileType (hFile=0x24c) returned 0x1 [0106.764] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x13732 [0106.765] ReadFile (in: hFile=0x24c, lpBuffer=0x21ae7e0, nNumberOfBytesToRead=0x13732, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x21ae7e0*, lpNumberOfBytesRead=0x29e708*=0x13732, lpOverlapped=0x0) returned 1 [0106.767] CloseHandle (hObject=0x24c) returned 1 [0106.826] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x29e710 | out: pfEnabled=0x29e710) returned 0x0 [0106.863] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc", nBufferLength=0x105, lpBuffer=0x29e160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc", lpFilePart=0x0) returned 0x45 [0106.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e640) returned 1 [0106.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\-vgkuylzonjz.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.865] GetFileType (hFile=0x25c) returned 0x1 [0106.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e5b0) returned 1 [0106.865] GetFileType (hFile=0x25c) returned 0x1 [0106.865] WriteFile (in: hFile=0x25c, lpBuffer=0x21c6a98*, nNumberOfBytesToWrite=0x13740, lpNumberOfBytesWritten=0x29e768, lpOverlapped=0x0 | out: lpBuffer=0x21c6a98*, lpNumberOfBytesWritten=0x29e768*=0x13740, lpOverlapped=0x0) returned 1 [0106.867] CloseHandle (hObject=0x25c) returned 1 [0106.871] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc", nBufferLength=0x105, lpBuffer=0x29e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc", lpFilePart=0x0) returned 0x45 [0106.871] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc.BlackHat", nBufferLength=0x105, lpBuffer=0x29e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc.BlackHat", lpFilePart=0x0) returned 0x4e [0106.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e740) returned 1 [0106.871] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\-vgkuylzonjz.doc"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f759e00, ftCreationTime.dwHighDateTime=0x1d46115, ftLastAccessTime.dwLowDateTime=0xcfcca5e0, ftLastAccessTime.dwHighDateTime=0x1d46051, ftLastWriteTime.dwLowDateTime=0x90800430, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x13740)) returned 1 [0106.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e700) returned 1 [0106.872] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\-vgkuylzonjz.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-VGkuYlZONjZ.doc.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\-vgkuylzonjz.doc.blackhat")) returned 1 [0106.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.874] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.874] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.874] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.docx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.874] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.874] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.874] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.xls", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0x1a95fe50 [0106.875] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0106.875] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0106.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.875] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx", nBufferLength=0x105, lpBuffer=0x29e160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx", lpFilePart=0x0) returned 0x46 [0106.875] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e640) returned 1 [0106.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\-jp2fnlvlnfq.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.875] GetFileType (hFile=0x25c) returned 0x1 [0106.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e5b0) returned 1 [0106.876] GetFileType (hFile=0x25c) returned 0x1 [0106.876] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x16625 [0106.876] ReadFile (in: hFile=0x25c, lpBuffer=0x12199978, nNumberOfBytesToRead=0x16625, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x12199978*, lpNumberOfBytesRead=0x29e708*=0x16625, lpOverlapped=0x0) returned 1 [0106.877] CloseHandle (hObject=0x25c) returned 1 [0106.882] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx", nBufferLength=0x105, lpBuffer=0x29e160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx", lpFilePart=0x0) returned 0x46 [0106.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e640) returned 1 [0106.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\-jp2fnlvlnfq.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.883] GetFileType (hFile=0x25c) returned 0x1 [0106.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e5b0) returned 1 [0106.884] GetFileType (hFile=0x25c) returned 0x1 [0106.884] WriteFile (in: hFile=0x25c, lpBuffer=0x121affd8*, nNumberOfBytesToWrite=0x16630, lpNumberOfBytesWritten=0x29e768, lpOverlapped=0x0 | out: lpBuffer=0x121affd8*, lpNumberOfBytesWritten=0x29e768*=0x16630, lpOverlapped=0x0) returned 1 [0106.886] CloseHandle (hObject=0x25c) returned 1 [0106.888] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx", nBufferLength=0x105, lpBuffer=0x29e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx", lpFilePart=0x0) returned 0x46 [0106.888] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx.BlackHat", nBufferLength=0x105, lpBuffer=0x29e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx.BlackHat", lpFilePart=0x0) returned 0x4f [0106.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e740) returned 1 [0106.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\-jp2fnlvlnfq.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x390b2eb0, ftCreationTime.dwHighDateTime=0x1d45d09, ftLastAccessTime.dwLowDateTime=0xaad37900, ftLastAccessTime.dwHighDateTime=0x1d461f3, ftLastWriteTime.dwLowDateTime=0x90826590, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x16630)) returned 1 [0106.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e700) returned 1 [0106.888] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\-jp2fnlvlnfq.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\-jP2FnLVLNfq.xlsx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\-jp2fnlvlnfq.xlsx.blackhat")) returned 1 [0106.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.889] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.889] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.889] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.xlsx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.890] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.890] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.890] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.ppt", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.890] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.890] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.890] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.pptx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.891] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.891] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.891] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.891] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.odt", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.891] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.891] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.891] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.891] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.jpg", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0x1a95fe50 [0106.892] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0106.892] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0106.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.892] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg", nBufferLength=0x105, lpBuffer=0x29e160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg", lpFilePart=0x0) returned 0x4c [0106.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e640) returned 1 [0106.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\5p5hswwirarrybufevu.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.892] GetFileType (hFile=0x25c) returned 0x1 [0106.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e5b0) returned 1 [0106.892] GetFileType (hFile=0x25c) returned 0x1 [0106.892] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xf6f6 [0106.893] ReadFile (in: hFile=0x25c, lpBuffer=0x21df7e0, nNumberOfBytesToRead=0xf6f6, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x21df7e0*, lpNumberOfBytesRead=0x29e708*=0xf6f6, lpOverlapped=0x0) returned 1 [0106.894] CloseHandle (hObject=0x25c) returned 1 [0106.897] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg", nBufferLength=0x105, lpBuffer=0x29e160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg", lpFilePart=0x0) returned 0x4c [0106.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e640) returned 1 [0106.897] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\5p5hswwirarrybufevu.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.899] GetFileType (hFile=0x25c) returned 0x1 [0106.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e5b0) returned 1 [0106.899] GetFileType (hFile=0x25c) returned 0x1 [0106.899] WriteFile (in: hFile=0x25c, lpBuffer=0x21ef5e0*, nNumberOfBytesToWrite=0xf700, lpNumberOfBytesWritten=0x29e768, lpOverlapped=0x0 | out: lpBuffer=0x21ef5e0*, lpNumberOfBytesWritten=0x29e768*=0xf700, lpOverlapped=0x0) returned 1 [0106.901] CloseHandle (hObject=0x25c) returned 1 [0106.902] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg", nBufferLength=0x105, lpBuffer=0x29e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg", lpFilePart=0x0) returned 0x4c [0106.902] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg.BlackHat", lpFilePart=0x0) returned 0x55 [0106.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e740) returned 1 [0106.902] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\5p5hswwirarrybufevu.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb21266a0, ftCreationTime.dwHighDateTime=0x1d46044, ftLastAccessTime.dwLowDateTime=0x746b2f0, ftLastAccessTime.dwHighDateTime=0x1d46295, ftLastWriteTime.dwLowDateTime=0x9084c6f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xf700)) returned 1 [0106.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e700) returned 1 [0106.903] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\5p5hswwirarrybufevu.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\5P5HsWWIrarrybUFEVu.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\5p5hswwirarrybufevu.jpg.blackhat")) returned 1 [0106.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.903] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.903] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.904] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.png", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.904] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.904] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.904] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.csv", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.905] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.905] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.905] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.sql", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.905] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.905] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mdb", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.906] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.906] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.sln", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.906] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.907] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.907] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.php", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.907] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.907] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.907] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.asp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.908] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.908] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.908] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.aspx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.908] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.908] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.908] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.html", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.909] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.909] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.909] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.909] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.xml", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.909] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.909] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.909] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.909] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.psd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.910] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.910] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.910] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.rar", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.910] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.910] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.910] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.zip", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.911] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.911] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.911] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mp3", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.911] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.911] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.911] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.exe", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.912] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.912] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.912] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.PDF", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.912] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.912] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.912] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.rtf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.913] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.913] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.913] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.DT", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.913] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.913] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.913] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.CF", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.914] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.914] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.914] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.CFU", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.914] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.914] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.914] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mxl", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.915] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.915] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.915] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.epf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.915] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.915] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.915] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.erf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.916] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.916] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.916] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.916] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.916] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.916] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.vrp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.916] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.916] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.916] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.916] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.916] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.916] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.grs", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.917] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.917] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.917] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.geo", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.917] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.917] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.917] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.elf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.918] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.918] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.918] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.lgf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.918] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.918] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.918] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.lgp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.919] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.919] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.919] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.log", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.919] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.919] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.919] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.st", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.920] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.920] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.920] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.pff", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.920] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.920] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.920] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mft", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.920] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.920] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.921] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.efd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.921] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.921] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.921] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.ini", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.922] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.922] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.922] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.CFL", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.922] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.922] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.922] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.cer", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.922] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.922] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.923] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.backup", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.923] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.923] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.923] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.923] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.7z", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.923] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.923] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.923] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.923] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.tiff", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.924] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.924] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.924] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.jpeg", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.924] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.924] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.924] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.accdb", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.925] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.925] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.925] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.sqlite", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.925] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.925] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.925] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.dbf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.926] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*1cd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.926] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mdb", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.927] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.cd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.927] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.927] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.927] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.cdr", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.927] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.927] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.927] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.dwg", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.928] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.928] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.928] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.gif", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0x1a95fe50 [0106.928] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0106.928] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0106.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.928] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif", nBufferLength=0x105, lpBuffer=0x29e160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif", lpFilePart=0x0) returned 0x3e [0106.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e640) returned 1 [0106.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\n dvx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e5b0) returned 1 [0106.929] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x1867a [0106.929] ReadFile (in: hFile=0x25c, lpBuffer=0x121c6640, nNumberOfBytesToRead=0x1867a, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x121c6640*, lpNumberOfBytesRead=0x29e708*=0x1867a, lpOverlapped=0x0) returned 1 [0106.934] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif", nBufferLength=0x105, lpBuffer=0x29e160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif", lpFilePart=0x0) returned 0x3e [0106.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e640) returned 1 [0106.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\n dvx.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e5b0) returned 1 [0106.939] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif", nBufferLength=0x105, lpBuffer=0x29e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif", lpFilePart=0x0) returned 0x3e [0106.939] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif.BlackHat", nBufferLength=0x105, lpBuffer=0x29e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif.BlackHat", lpFilePart=0x0) returned 0x47 [0106.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e740) returned 1 [0106.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\n dvx.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e5cb9e0, ftCreationTime.dwHighDateTime=0x1d45e3c, ftLastAccessTime.dwLowDateTime=0xe0cf09b0, ftLastAccessTime.dwHighDateTime=0x1d45d62, ftLastWriteTime.dwLowDateTime=0x908beb10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18680)) returned 1 [0106.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e700) returned 1 [0106.939] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\n dvx.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\n dVX.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\n dvx.gif.blackhat")) returned 1 [0106.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.940] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.940] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.940] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mp4", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.941] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.941] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.941] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.avi", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0x1a95fe50 [0106.941] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0106.941] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0106.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.941] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi", nBufferLength=0x105, lpBuffer=0x29e160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi", lpFilePart=0x0) returned 0x47 [0106.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e640) returned 1 [0106.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\afugnwnme_ntz2.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e5b0) returned 1 [0106.941] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x2e6d [0106.942] ReadFile (in: hFile=0x25c, lpBuffer=0x221da88, nNumberOfBytesToRead=0x2e6d, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x221da88*, lpNumberOfBytesRead=0x29e708*=0x2e6d, lpOverlapped=0x0) returned 1 [0106.943] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi", nBufferLength=0x105, lpBuffer=0x29e160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi", lpFilePart=0x0) returned 0x47 [0106.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e640) returned 1 [0106.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\afugnwnme_ntz2.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e5b0) returned 1 [0106.945] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi", nBufferLength=0x105, lpBuffer=0x29e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi", lpFilePart=0x0) returned 0x47 [0106.945] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi.BlackHat", nBufferLength=0x105, lpBuffer=0x29e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi.BlackHat", lpFilePart=0x0) returned 0x50 [0106.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e740) returned 1 [0106.946] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\afugnwnme_ntz2.avi"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b9d08f0, ftCreationTime.dwHighDateTime=0x1d465d6, ftLastAccessTime.dwLowDateTime=0xf2a388e0, ftLastAccessTime.dwHighDateTime=0x1d45b97, ftLastWriteTime.dwLowDateTime=0x908beb10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2e70)) returned 1 [0106.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e700) returned 1 [0106.946] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\afugnwnme_ntz2.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\afuGNWnMe_ntz2.avi.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcfb0mfggoq0xs\\afugnwnme_ntz2.avi.blackhat")) returned 1 [0106.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.946] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.946] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.947] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mkv", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.947] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.947] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.947] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.wmv", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.947] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.947] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.948] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.webmp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0106.948] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.948] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.948] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.bak", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0106.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e750) returned 1 [0106.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e710) returned 1 [0106.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e820) returned 1 [0106.948] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0106.948] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0106.949] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*", lpFindFileData=0x29e4c0 | out: lpFindFileData=0x29e4c0) returned 0x1a95fe50 [0106.949] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0106.949] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0106.949] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0106.949] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0106.949] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0106.950] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0106.950] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0106.950] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0106.950] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0106.950] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0106.950] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0106.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e770) returned 1 [0106.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e730) returned 1 [0106.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0106.951] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0106.951] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0106.951] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.txt", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0106.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0106.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0106.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0106.951] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0106.951] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0106.951] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.doc", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0106.952] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0106.952] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0106.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0106.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0106.952] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx", lpFilePart=0x0) returned 0x30 [0106.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0106.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fawbi.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0106.952] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x1051f [0106.953] ReadFile (in: hFile=0x25c, lpBuffer=0x2229548, nNumberOfBytesToRead=0x1051f, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x2229548*, lpNumberOfBytesRead=0x29e7b8*=0x1051f, lpOverlapped=0x0) returned 1 [0106.956] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx", lpFilePart=0x0) returned 0x30 [0106.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0106.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fawbi.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0106.960] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx", lpFilePart=0x0) returned 0x30 [0106.960] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx.BlackHat", lpFilePart=0x0) returned 0x39 [0106.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7f0) returned 1 [0106.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fawbi.docx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80053ec0, ftCreationTime.dwHighDateTime=0x1d459bf, ftLastAccessTime.dwLowDateTime=0x206834f0, ftLastAccessTime.dwHighDateTime=0x1d456d5, ftLastWriteTime.dwLowDateTime=0x908e4c70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10520)) returned 1 [0106.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7b0) returned 1 [0106.960] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fawbi.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fawBi.docx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fawbi.docx.blackhat")) returned 1 [0106.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0106.961] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0106.961] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0106.962] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.docx", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0106.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0106.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0106.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0106.962] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0106.962] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0106.962] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.xls", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0106.962] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0106.962] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0106.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0106.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0106.963] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls", lpFilePart=0x0) returned 0x3e [0106.963] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0106.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y4ku7xlyv9romwi9fi03.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0106.963] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xf9b1 [0106.963] ReadFile (in: hFile=0x25c, lpBuffer=0x224bd80, nNumberOfBytesToRead=0xf9b1, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x224bd80*, lpNumberOfBytesRead=0x29e7b8*=0xf9b1, lpOverlapped=0x0) returned 1 [0106.967] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls", lpFilePart=0x0) returned 0x3e [0106.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0106.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y4ku7xlyv9romwi9fi03.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0106.971] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls", lpFilePart=0x0) returned 0x3e [0106.971] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls.BlackHat", lpFilePart=0x0) returned 0x47 [0106.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7f0) returned 1 [0106.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y4ku7xlyv9romwi9fi03.xls"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55eccc10, ftCreationTime.dwHighDateTime=0x1d456d2, ftLastAccessTime.dwLowDateTime=0xd1b20470, ftLastAccessTime.dwHighDateTime=0x1d46111, ftLastWriteTime.dwLowDateTime=0x9090add0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xf9c0)) returned 1 [0106.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7b0) returned 1 [0106.972] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y4ku7xlyv9romwi9fi03.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y4ku7XlYv9rOmwi9fI03.xls.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y4ku7xlyv9romwi9fi03.xls.blackhat")) returned 1 [0106.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0106.973] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0106.973] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0106.973] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.xlsx", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0106.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0106.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0106.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0106.973] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0106.973] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0106.973] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.ppt", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0106.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0106.974] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0106.974] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0106.974] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.pptx", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0106.974] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0106.974] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0106.974] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.odt", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0106.974] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0106.975] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0106.975] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.jpg", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0106.975] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0106.975] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0106.975] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0106.975] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0106.975] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0106.975] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0106.976] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg", lpFilePart=0x0) returned 0x30 [0106.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\auuzlo.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.976] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xcbcb [0106.976] ReadFile (in: hFile=0x25c, lpBuffer=0x226eea8, nNumberOfBytesToRead=0xcbcb, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x226eea8*, lpNumberOfBytesRead=0x29e7b8*=0xcbcb, lpOverlapped=0x0) returned 1 [0106.979] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg", lpFilePart=0x0) returned 0x30 [0106.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\auuzlo.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.982] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg", lpFilePart=0x0) returned 0x30 [0106.983] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg.BlackHat", lpFilePart=0x0) returned 0x39 [0106.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\auuzlo.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3234f5e0, ftCreationTime.dwHighDateTime=0x1d45f24, ftLastAccessTime.dwLowDateTime=0xe2bc2c30, ftLastAccessTime.dwHighDateTime=0x1d463cf, ftLastWriteTime.dwLowDateTime=0x9090add0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xcbd0)) returned 1 [0106.983] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\auuzlo.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\auuzlO.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\auuzlo.jpg.blackhat")) returned 1 [0106.984] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg", lpFilePart=0x0) returned 0x3d [0106.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f0wnqwmb8rajpby8zsn.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.984] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x13458 [0106.985] ReadFile (in: hFile=0x25c, lpBuffer=0x22891d0, nNumberOfBytesToRead=0x13458, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x22891d0*, lpNumberOfBytesRead=0x29e7b8*=0x13458, lpOverlapped=0x0) returned 1 [0106.989] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg", lpFilePart=0x0) returned 0x3d [0106.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f0wnqwmb8rajpby8zsn.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0106.992] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg", lpFilePart=0x0) returned 0x3d [0106.992] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg.BlackHat", lpFilePart=0x0) returned 0x46 [0106.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f0wnqwmb8rajpby8zsn.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6af044a0, ftCreationTime.dwHighDateTime=0x1d4641c, ftLastAccessTime.dwLowDateTime=0x264672c0, ftLastAccessTime.dwHighDateTime=0x1d45a58, ftLastWriteTime.dwLowDateTime=0x90930f30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x13460)) returned 1 [0106.993] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f0wnqwmb8rajpby8zsn.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0wNQWmB8rAJPBY8ZSN.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f0wnqwmb8rajpby8zsn.jpg.blackhat")) returned 1 [0107.001] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg", lpFilePart=0x0) returned 0x31 [0107.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nkup7qc.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.001] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x1505d [0107.002] ReadFile (in: hFile=0x25c, lpBuffer=0x121f73b0, nNumberOfBytesToRead=0x1505d, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x121f73b0*, lpNumberOfBytesRead=0x29e7b8*=0x1505d, lpOverlapped=0x0) returned 1 [0107.006] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg", lpFilePart=0x0) returned 0x31 [0107.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nkup7qc.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.010] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg", lpFilePart=0x0) returned 0x31 [0107.010] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg.BlackHat", lpFilePart=0x0) returned 0x3a [0107.010] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nkup7qc.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24b96400, ftCreationTime.dwHighDateTime=0x1d45740, ftLastAccessTime.dwLowDateTime=0xfe082150, ftLastAccessTime.dwHighDateTime=0x1d45ffc, ftLastWriteTime.dwLowDateTime=0x90957090, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x15060)) returned 1 [0107.010] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nkup7qc.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NKuP7qC.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nkup7qc.jpg.blackhat")) returned 1 [0107.011] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg", lpFilePart=0x0) returned 0x3a [0107.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qtxct61pjpwwto7b.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.011] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x3ba7 [0107.011] ReadFile (in: hFile=0x25c, lpBuffer=0x22b11a8, nNumberOfBytesToRead=0x3ba7, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x22b11a8*, lpNumberOfBytesRead=0x29e7b8*=0x3ba7, lpOverlapped=0x0) returned 1 [0107.013] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg", lpFilePart=0x0) returned 0x3a [0107.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qtxct61pjpwwto7b.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.015] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg", lpFilePart=0x0) returned 0x3a [0107.015] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg.BlackHat", lpFilePart=0x0) returned 0x43 [0107.016] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qtxct61pjpwwto7b.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e49e040, ftCreationTime.dwHighDateTime=0x1d460f7, ftLastAccessTime.dwLowDateTime=0x257c1b80, ftLastAccessTime.dwHighDateTime=0x1d463e8, ftLastWriteTime.dwLowDateTime=0x9097d1f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3bb0)) returned 1 [0107.016] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qtxct61pjpwwto7b.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qTXcT61PJPwWTo7b.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qtxct61pjpwwto7b.jpg.blackhat")) returned 1 [0107.017] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg", lpFilePart=0x0) returned 0x30 [0107.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y4gui9.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.017] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x10c62 [0107.017] ReadFile (in: hFile=0x25c, lpBuffer=0x22b94b8, nNumberOfBytesToRead=0x10c62, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x22b94b8*, lpNumberOfBytesRead=0x29e7b8*=0x10c62, lpOverlapped=0x0) returned 1 [0107.021] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg", lpFilePart=0x0) returned 0x30 [0107.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y4gui9.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.025] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg", lpFilePart=0x0) returned 0x30 [0107.025] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg.BlackHat", lpFilePart=0x0) returned 0x39 [0107.025] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y4gui9.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc65adb0, ftCreationTime.dwHighDateTime=0x1d46135, ftLastAccessTime.dwLowDateTime=0xdbb526c0, ftLastAccessTime.dwHighDateTime=0x1d459b2, ftLastWriteTime.dwLowDateTime=0x9097d1f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10c70)) returned 1 [0107.025] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y4gui9.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Y4guI9.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y4gui9.jpg.blackhat")) returned 1 [0107.026] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.026] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.026] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.png", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0107.026] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.026] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.026] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.027] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.027] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png", lpFilePart=0x0) returned 0x2e [0107.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kqak.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.027] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x18269 [0107.027] ReadFile (in: hFile=0x25c, lpBuffer=0x122214e0, nNumberOfBytesToRead=0x18269, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x122214e0*, lpNumberOfBytesRead=0x29e7b8*=0x18269, lpOverlapped=0x0) returned 1 [0107.032] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png", lpFilePart=0x0) returned 0x2e [0107.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kqak.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.036] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png", lpFilePart=0x0) returned 0x2e [0107.036] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png.BlackHat", lpFilePart=0x0) returned 0x37 [0107.036] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kqak.png"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae33fc40, ftCreationTime.dwHighDateTime=0x1d45c18, ftLastAccessTime.dwLowDateTime=0xbe6eb580, ftLastAccessTime.dwHighDateTime=0x1d45f17, ftLastWriteTime.dwLowDateTime=0x909a3350, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18270)) returned 1 [0107.036] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kqak.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Kqak.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kqak.png.blackhat")) returned 1 [0107.037] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png", lpFilePart=0x0) returned 0x32 [0107.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\meaj-h2c.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.037] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x4a72 [0107.038] ReadFile (in: hFile=0x25c, lpBuffer=0x22dd1b0, nNumberOfBytesToRead=0x4a72, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x22dd1b0*, lpNumberOfBytesRead=0x29e7b8*=0x4a72, lpOverlapped=0x0) returned 1 [0107.040] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png", lpFilePart=0x0) returned 0x32 [0107.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\meaj-h2c.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.043] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png", lpFilePart=0x0) returned 0x32 [0107.043] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png.BlackHat", lpFilePart=0x0) returned 0x3b [0107.043] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\meaj-h2c.png"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8d57690, ftCreationTime.dwHighDateTime=0x1d462c5, ftLastAccessTime.dwLowDateTime=0x4ad04f50, ftLastAccessTime.dwHighDateTime=0x1d458f3, ftLastWriteTime.dwLowDateTime=0x909a3350, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x4a80)) returned 1 [0107.043] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\meaj-h2c.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MEaJ-h2c.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\meaj-h2c.png.blackhat")) returned 1 [0107.044] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png", lpFilePart=0x0) returned 0x3e [0107.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xsofiwd9ruy95ueo6kvh.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.044] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xf6f8 [0107.044] ReadFile (in: hFile=0x25c, lpBuffer=0x22e7248, nNumberOfBytesToRead=0xf6f8, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x22e7248*, lpNumberOfBytesRead=0x29e7b8*=0xf6f8, lpOverlapped=0x0) returned 1 [0107.048] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png", lpFilePart=0x0) returned 0x3e [0107.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xsofiwd9ruy95ueo6kvh.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.052] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png", lpFilePart=0x0) returned 0x3e [0107.052] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png.BlackHat", lpFilePart=0x0) returned 0x47 [0107.052] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xsofiwd9ruy95ueo6kvh.png"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b9dee50, ftCreationTime.dwHighDateTime=0x1d45851, ftLastAccessTime.dwLowDateTime=0xfc815b40, ftLastAccessTime.dwHighDateTime=0x1d4589e, ftLastWriteTime.dwLowDateTime=0x909c94b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xf700)) returned 1 [0107.052] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xsofiwd9ruy95ueo6kvh.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XSOFiWd9rUy95UeO6KVh.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xsofiwd9ruy95ueo6kvh.png.blackhat")) returned 1 [0107.053] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.053] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.053] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.csv", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0107.054] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.054] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.054] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.054] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv", lpFilePart=0x0) returned 0x36 [0107.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b53bczxn21zw.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.054] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x138ab [0107.055] ReadFile (in: hFile=0x25c, lpBuffer=0x2307860, nNumberOfBytesToRead=0x138ab, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x2307860*, lpNumberOfBytesRead=0x29e7b8*=0x138ab, lpOverlapped=0x0) returned 1 [0107.059] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv", lpFilePart=0x0) returned 0x36 [0107.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b53bczxn21zw.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.063] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv", lpFilePart=0x0) returned 0x36 [0107.063] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv.BlackHat", lpFilePart=0x0) returned 0x3f [0107.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b53bczxn21zw.csv"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f65d3a0, ftCreationTime.dwHighDateTime=0x1d45674, ftLastAccessTime.dwLowDateTime=0x5f77d490, ftLastAccessTime.dwHighDateTime=0x1d46100, ftLastWriteTime.dwLowDateTime=0x909ef610, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x138b0)) returned 1 [0107.063] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b53bczxn21zw.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B53BCzxn21zw.csv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b53bczxn21zw.csv.blackhat")) returned 1 [0107.064] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv", lpFilePart=0x0) returned 0x35 [0107.064] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pcbpc rp-ec.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.064] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xa69f [0107.065] ReadFile (in: hFile=0x25c, lpBuffer=0x232f558, nNumberOfBytesToRead=0xa69f, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x232f558*, lpNumberOfBytesRead=0x29e7b8*=0xa69f, lpOverlapped=0x0) returned 1 [0107.068] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv", lpFilePart=0x0) returned 0x35 [0107.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pcbpc rp-ec.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.070] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv", lpFilePart=0x0) returned 0x35 [0107.071] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv.BlackHat", lpFilePart=0x0) returned 0x3e [0107.071] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pcbpc rp-ec.csv"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfed4840, ftCreationTime.dwHighDateTime=0x1d4656a, ftLastAccessTime.dwLowDateTime=0x704d1ce0, ftLastAccessTime.dwHighDateTime=0x1d4624e, ftLastWriteTime.dwLowDateTime=0x909ef610, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa6a0)) returned 1 [0107.071] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pcbpc rp-ec.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PCbPc rP-EC.csv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pcbpc rp-ec.csv.blackhat")) returned 1 [0107.072] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.072] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.072] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.sql", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.072] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.072] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.072] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mdb", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.072] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.073] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.073] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.sln", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.073] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.073] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.073] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.php", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.073] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.073] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.073] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.asp", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.074] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.074] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.074] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.aspx", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.074] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.074] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.074] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.html", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.074] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.074] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.074] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.xml", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.075] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.075] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.075] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.psd", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.075] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.075] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.075] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.rar", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.076] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.zip", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.076] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mp3", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0107.076] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.076] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.077] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.077] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.077] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.077] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.077] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.077] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3", lpFilePart=0x0) returned 0x33 [0107.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aiii r5mj.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.077] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x12263 [0107.078] ReadFile (in: hFile=0x25c, lpBuffer=0x234b9a8, nNumberOfBytesToRead=0x12263, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x234b9a8*, lpNumberOfBytesRead=0x29e7b8*=0x12263, lpOverlapped=0x0) returned 1 [0107.082] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3", lpFilePart=0x0) returned 0x33 [0107.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aiii r5mj.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.086] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3", lpFilePart=0x0) returned 0x33 [0107.086] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3.BlackHat", lpFilePart=0x0) returned 0x3c [0107.086] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aiii r5mj.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65fa1e30, ftCreationTime.dwHighDateTime=0x1d45f2b, ftLastAccessTime.dwLowDateTime=0xe315ba20, ftLastAccessTime.dwHighDateTime=0x1d45727, ftLastWriteTime.dwLowDateTime=0x90a15770, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x12270)) returned 1 [0107.086] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aiii r5mj.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AiIi r5mJ.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aiii r5mj.mp3.blackhat")) returned 1 [0107.087] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3", lpFilePart=0x0) returned 0x3a [0107.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dpamomstgn4oue63.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.087] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xe14a [0107.088] ReadFile (in: hFile=0x25c, lpBuffer=0x2370a20, nNumberOfBytesToRead=0xe14a, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x2370a20*, lpNumberOfBytesRead=0x29e7b8*=0xe14a, lpOverlapped=0x0) returned 1 [0107.113] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3", lpFilePart=0x0) returned 0x3a [0107.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dpamomstgn4oue63.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.117] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3", lpFilePart=0x0) returned 0x3a [0107.117] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3.BlackHat", lpFilePart=0x0) returned 0x43 [0107.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dpamomstgn4oue63.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe46bae40, ftCreationTime.dwHighDateTime=0x1d45658, ftLastAccessTime.dwLowDateTime=0x5a277ab0, ftLastAccessTime.dwHighDateTime=0x1d46266, ftLastWriteTime.dwLowDateTime=0x90a61a30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xe150)) returned 1 [0107.117] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dpamomstgn4oue63.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DpAMomStgN4Oue63.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dpamomstgn4oue63.mp3.blackhat")) returned 1 [0107.118] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\f6XwJIq.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f6xwjiq.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.118] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x1105 [0107.118] ReadFile (in: hFile=0x25c, lpBuffer=0x21bf488, nNumberOfBytesToRead=0x1105, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x21bf488*, lpNumberOfBytesRead=0x29e7b8*=0x1105, lpOverlapped=0x0) returned 1 [0107.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\f6XwJIq.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f6xwjiq.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.122] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\f6XwJIq.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f6xwjiq.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa34591d0, ftCreationTime.dwHighDateTime=0x1d45de0, ftLastAccessTime.dwLowDateTime=0x11d0fb80, ftLastAccessTime.dwHighDateTime=0x1d45855, ftLastWriteTime.dwLowDateTime=0x90a61a30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1110)) returned 1 [0107.122] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\f6XwJIq.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f6xwjiq.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\f6XwJIq.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f6xwjiq.mp3.blackhat")) returned 1 [0107.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\k1c7AVTe.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\k1c7avte.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.123] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x2929 [0107.123] ReadFile (in: hFile=0x25c, lpBuffer=0x21c2208, nNumberOfBytesToRead=0x2929, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x21c2208*, lpNumberOfBytesRead=0x29e7b8*=0x2929, lpOverlapped=0x0) returned 1 [0107.125] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\k1c7AVTe.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\k1c7avte.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.127] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\k1c7AVTe.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\k1c7avte.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab4257c0, ftCreationTime.dwHighDateTime=0x1d46140, ftLastAccessTime.dwLowDateTime=0x6ac8c630, ftLastAccessTime.dwHighDateTime=0x1d45d1b, ftLastWriteTime.dwLowDateTime=0x90a87b90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2930)) returned 1 [0107.127] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\k1c7AVTe.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\k1c7avte.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\k1c7AVTe.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\k1c7avte.mp3.blackhat")) returned 1 [0107.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qSYepBr9-mkSVCrO.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qsyepbr9-mksvcro.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.128] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xc334 [0107.128] ReadFile (in: hFile=0x25c, lpBuffer=0x21c7ff0, nNumberOfBytesToRead=0xc334, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x21c7ff0*, lpNumberOfBytesRead=0x29e7b8*=0xc334, lpOverlapped=0x0) returned 1 [0107.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qSYepBr9-mkSVCrO.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qsyepbr9-mksvcro.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.134] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qSYepBr9-mkSVCrO.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qsyepbr9-mksvcro.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa57bd00, ftCreationTime.dwHighDateTime=0x1d460b9, ftLastAccessTime.dwLowDateTime=0x58a688b0, ftLastAccessTime.dwHighDateTime=0x1d45731, ftLastWriteTime.dwLowDateTime=0x90a87b90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xc340)) returned 1 [0107.134] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qSYepBr9-mkSVCrO.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qsyepbr9-mksvcro.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qSYepBr9-mkSVCrO.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qsyepbr9-mksvcro.mp3.blackhat")) returned 1 [0107.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XOTh0 Zy1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xoth0 zy1.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.136] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xa80c [0107.136] ReadFile (in: hFile=0x25c, lpBuffer=0x21e1228, nNumberOfBytesToRead=0xa80c, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x21e1228*, lpNumberOfBytesRead=0x29e7b8*=0xa80c, lpOverlapped=0x0) returned 1 [0107.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XOTh0 Zy1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xoth0 zy1.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XOTh0 Zy1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xoth0 zy1.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80537d50, ftCreationTime.dwHighDateTime=0x1d45673, ftLastAccessTime.dwLowDateTime=0x959f8180, ftLastAccessTime.dwHighDateTime=0x1d45c73, ftLastWriteTime.dwLowDateTime=0x90aadcf0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa810)) returned 1 [0107.142] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XOTh0 Zy1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xoth0 zy1.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XOTh0 Zy1.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xoth0 zy1.mp3.blackhat")) returned 1 [0107.144] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.exe", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0107.144] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.144] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.144] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sf.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x25c [0107.145] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x34800 [0107.145] ReadFile (in: hFile=0x25c, lpBuffer=0x12251a30, nNumberOfBytesToRead=0x34800, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x12251a30*, lpNumberOfBytesRead=0x29e7b8*=0x34800, lpOverlapped=0x0) returned 1 [0107.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sf.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.188] EtwEventRegister (in: ProviderId=0x21faba0, EnableCallback=0x1b01139c, CallbackContext=0x0, RegHandle=0x21fab80 | out: RegHandle=0x21fab80) returned 0x0 [0107.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29b030) returned 1 [0107.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.301] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.301] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.301] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.PDF", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.301] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.301] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.302] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.rtf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.302] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.302] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.302] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.DT", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.303] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.CF", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.303] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.CFU", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.304] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mxl", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.305] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.epf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.305] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.erf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.306] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.vrp", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.306] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.grs", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.307] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.geo", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.308] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.elf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.308] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.lgf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.309] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.lgp", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.309] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.log", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.310] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.st", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.310] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.pff", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.311] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.311] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.311] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mft", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.312] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.312] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.312] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.efd", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.312] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.312] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.312] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.ini", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0107.312] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.313] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x31 [0107.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.313] GetFileType (hFile=0x258) returned 0x1 [0107.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.313] GetFileType (hFile=0x258) returned 0x1 [0107.313] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x11a [0107.313] ReadFile (in: hFile=0x258, lpBuffer=0x2206ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x2206ff0*, lpNumberOfBytesRead=0x29e7b8*=0x11a, lpOverlapped=0x0) returned 1 [0107.314] CloseHandle (hObject=0x258) returned 1 [0107.315] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x31 [0107.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29b030) returned 1 [0107.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.333] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.333] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.333] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.CFL", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.334] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.334] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.334] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.cer", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.334] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.334] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.335] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.backup", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.335] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.335] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.335] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.7z", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.335] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.336] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.336] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.tiff", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.336] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.336] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.336] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.jpeg", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.337] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.337] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.337] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.accdb", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.337] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.337] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.337] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.sqlite", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.338] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.dbf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.338] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*1cd", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.339] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.339] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.339] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mdb", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.339] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.339] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.339] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.cd", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.340] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.340] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.340] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.cdr", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.340] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.340] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.340] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.dwg", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.341] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.341] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.341] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.gif", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0107.341] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.341] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.341] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif", lpFilePart=0x0) returned 0x2f [0107.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dfosj.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.341] GetFileType (hFile=0x258) returned 0x1 [0107.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.341] GetFileType (hFile=0x258) returned 0x1 [0107.342] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x7f65 [0107.342] ReadFile (in: hFile=0x258, lpBuffer=0x2210dc0, nNumberOfBytesToRead=0x7f65, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x2210dc0*, lpNumberOfBytesRead=0x29e7b8*=0x7f65, lpOverlapped=0x0) returned 1 [0107.343] CloseHandle (hObject=0x258) returned 1 [0107.344] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif", lpFilePart=0x0) returned 0x2f [0107.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dfosj.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.346] GetFileType (hFile=0x258) returned 0x1 [0107.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.346] GetFileType (hFile=0x258) returned 0x1 [0107.346] WriteFile (in: hFile=0x258, lpBuffer=0x2219430*, nNumberOfBytesToWrite=0x7f70, lpNumberOfBytesWritten=0x29e818, lpOverlapped=0x0 | out: lpBuffer=0x2219430*, lpNumberOfBytesWritten=0x29e818*=0x7f70, lpOverlapped=0x0) returned 1 [0107.347] CloseHandle (hObject=0x258) returned 1 [0107.348] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif", lpFilePart=0x0) returned 0x2f [0107.348] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif.BlackHat", lpFilePart=0x0) returned 0x38 [0107.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7f0) returned 1 [0107.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dfosj.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x657afc80, ftCreationTime.dwHighDateTime=0x1d4586f, ftLastAccessTime.dwLowDateTime=0xe5b7f7c0, ftLastAccessTime.dwHighDateTime=0x1d45c13, ftLastWriteTime.dwLowDateTime=0x90c9ced0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7f70)) returned 1 [0107.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7b0) returned 1 [0107.348] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dfosj.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dFoSJ.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dfosj.gif.blackhat")) returned 1 [0107.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.350] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.350] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.350] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mp4", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0107.350] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.350] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.350] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.350] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.351] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4", lpFilePart=0x0) returned 0x38 [0107.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9pgbs08or1q 0s.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.351] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xd9cc [0107.351] ReadFile (in: hFile=0x258, lpBuffer=0x2222668, nNumberOfBytesToRead=0xd9cc, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x2222668*, lpNumberOfBytesRead=0x29e7b8*=0xd9cc, lpOverlapped=0x0) returned 1 [0107.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4", lpFilePart=0x0) returned 0x38 [0107.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9pgbs08or1q 0s.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.359] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4", lpFilePart=0x0) returned 0x38 [0107.359] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4.BlackHat", lpFilePart=0x0) returned 0x41 [0107.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7f0) returned 1 [0107.359] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9pgbs08or1q 0s.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb412b00, ftCreationTime.dwHighDateTime=0x1d45611, ftLastAccessTime.dwLowDateTime=0xf10db540, ftLastAccessTime.dwHighDateTime=0x1d4646c, ftLastWriteTime.dwLowDateTime=0x90cc3030, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd9d0)) returned 1 [0107.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7b0) returned 1 [0107.359] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9pgbs08or1q 0s.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9pGbs08or1Q 0s.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9pgbs08or1q 0s.mp4.blackhat")) returned 1 [0107.360] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4", lpFilePart=0x0) returned 0x35 [0107.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eaopkdhmcnm.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.360] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xa366 [0107.360] ReadFile (in: hFile=0x258, lpBuffer=0x223e5c0, nNumberOfBytesToRead=0xa366, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x223e5c0*, lpNumberOfBytesRead=0x29e7b8*=0xa366, lpOverlapped=0x0) returned 1 [0107.363] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4", lpFilePart=0x0) returned 0x35 [0107.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eaopkdhmcnm.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.366] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4", lpFilePart=0x0) returned 0x35 [0107.366] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4.BlackHat", lpFilePart=0x0) returned 0x3e [0107.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7f0) returned 1 [0107.366] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eaopkdhmcnm.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62ef9f90, ftCreationTime.dwHighDateTime=0x1d460e7, ftLastAccessTime.dwLowDateTime=0x2c65dc40, ftLastAccessTime.dwHighDateTime=0x1d46020, ftLastWriteTime.dwLowDateTime=0x90cc3030, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa370)) returned 1 [0107.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7b0) returned 1 [0107.367] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eaopkdhmcnm.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EAOPkDhmCNm.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eaopkdhmcnm.mp4.blackhat")) returned 1 [0107.368] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4", lpFilePart=0x0) returned 0x3b [0107.368] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\u4cxhttw81xg0z5ni.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.368] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.368] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x17967 [0107.368] ReadFile (in: hFile=0x258, lpBuffer=0x122baab0, nNumberOfBytesToRead=0x17967, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x122baab0*, lpNumberOfBytesRead=0x29e7b8*=0x17967, lpOverlapped=0x0) returned 1 [0107.373] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4", lpFilePart=0x0) returned 0x3b [0107.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\u4cxhttw81xg0z5ni.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.377] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4", lpFilePart=0x0) returned 0x3b [0107.377] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4.BlackHat", lpFilePart=0x0) returned 0x44 [0107.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7f0) returned 1 [0107.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\u4cxhttw81xg0z5ni.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21b82cf0, ftCreationTime.dwHighDateTime=0x1d459e8, ftLastAccessTime.dwLowDateTime=0x608320, ftLastAccessTime.dwHighDateTime=0x1d45850, ftLastWriteTime.dwLowDateTime=0x90ce9190, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x17970)) returned 1 [0107.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7b0) returned 1 [0107.377] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\u4cxhttw81xg0z5ni.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U4CXHTtW81xg0z5nI.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\u4cxhttw81xg0z5ni.mp4.blackhat")) returned 1 [0107.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.379] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.379] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.379] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.avi", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0107.379] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.379] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.379] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.379] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi", lpFilePart=0x0) returned 0x36 [0107.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ljlbaymzsdb.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.380] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x1433a [0107.380] ReadFile (in: hFile=0x258, lpBuffer=0x2255028, nNumberOfBytesToRead=0x1433a, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x2255028*, lpNumberOfBytesRead=0x29e7b8*=0x1433a, lpOverlapped=0x0) returned 1 [0107.383] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi", lpFilePart=0x0) returned 0x36 [0107.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ljlbaymzsdb.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.387] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi", lpFilePart=0x0) returned 0x36 [0107.387] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi.BlackHat", lpFilePart=0x0) returned 0x3f [0107.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7f0) returned 1 [0107.387] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ljlbaymzsdb.avi"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74c51b0, ftCreationTime.dwHighDateTime=0x1d45633, ftLastAccessTime.dwLowDateTime=0xcc851900, ftLastAccessTime.dwHighDateTime=0x1d456ae, ftLastWriteTime.dwLowDateTime=0x90ce9190, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x14340)) returned 1 [0107.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7b0) returned 1 [0107.387] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ljlbaymzsdb.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6LJLbAymZsdb.avi.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ljlbaymzsdb.avi.blackhat")) returned 1 [0107.389] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi", lpFilePart=0x0) returned 0x34 [0107.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m0bperfij8.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.389] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x126a4 [0107.389] ReadFile (in: hFile=0x258, lpBuffer=0x227e240, nNumberOfBytesToRead=0x126a4, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x227e240*, lpNumberOfBytesRead=0x29e7b8*=0x126a4, lpOverlapped=0x0) returned 1 [0107.392] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi", lpFilePart=0x0) returned 0x34 [0107.392] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m0bperfij8.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.396] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi", lpFilePart=0x0) returned 0x34 [0107.396] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi.BlackHat", lpFilePart=0x0) returned 0x3d [0107.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7f0) returned 1 [0107.396] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m0bperfij8.avi"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcead68d0, ftCreationTime.dwHighDateTime=0x1d45f15, ftLastAccessTime.dwLowDateTime=0x72c0c450, ftLastAccessTime.dwHighDateTime=0x1d45aa0, ftLastWriteTime.dwLowDateTime=0x90d0f2f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x126b0)) returned 1 [0107.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7b0) returned 1 [0107.396] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m0bperfij8.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m0BPERFiJ8.avi.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m0bperfij8.avi.blackhat")) returned 1 [0107.397] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.397] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.397] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.397] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mkv", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0107.398] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.398] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.398] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.398] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.398] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv", lpFilePart=0x0) returned 0x2e [0107.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f0xs.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.398] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xa136 [0107.399] ReadFile (in: hFile=0x258, lpBuffer=0x22a4888, nNumberOfBytesToRead=0xa136, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x22a4888*, lpNumberOfBytesRead=0x29e7b8*=0xa136, lpOverlapped=0x0) returned 1 [0107.401] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv", lpFilePart=0x0) returned 0x2e [0107.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f0xs.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.405] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv", lpFilePart=0x0) returned 0x2e [0107.405] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv.BlackHat", lpFilePart=0x0) returned 0x37 [0107.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7f0) returned 1 [0107.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f0xs.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5c3d980, ftCreationTime.dwHighDateTime=0x1d46489, ftLastAccessTime.dwLowDateTime=0x2793fc80, ftLastAccessTime.dwHighDateTime=0x1d45696, ftLastWriteTime.dwLowDateTime=0x90d0f2f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa140)) returned 1 [0107.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7b0) returned 1 [0107.405] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f0xs.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0XS.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f0xs.mkv.blackhat")) returned 1 [0107.406] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv", lpFilePart=0x0) returned 0x2e [0107.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gxaj.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.406] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xfa6a [0107.406] ReadFile (in: hFile=0x258, lpBuffer=0x22b9638, nNumberOfBytesToRead=0xfa6a, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x22b9638*, lpNumberOfBytesRead=0x29e7b8*=0xfa6a, lpOverlapped=0x0) returned 1 [0107.409] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv", lpFilePart=0x0) returned 0x2e [0107.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gxaj.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.413] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv", lpFilePart=0x0) returned 0x2e [0107.413] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv.BlackHat", lpFilePart=0x0) returned 0x37 [0107.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7f0) returned 1 [0107.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gxaj.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6eb7de10, ftCreationTime.dwHighDateTime=0x1d45ad3, ftLastAccessTime.dwLowDateTime=0xe7518680, ftLastAccessTime.dwHighDateTime=0x1d45bf2, ftLastWriteTime.dwLowDateTime=0x90d35450, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xfa70)) returned 1 [0107.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7b0) returned 1 [0107.413] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gxaj.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GxaJ.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gxaj.mkv.blackhat")) returned 1 [0107.425] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv", lpFilePart=0x0) returned 0x37 [0107.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vxh5-9fvv35aa.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.426] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xe49b [0107.426] ReadFile (in: hFile=0x258, lpBuffer=0x22d9668, nNumberOfBytesToRead=0xe49b, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x22d9668*, lpNumberOfBytesRead=0x29e7b8*=0xe49b, lpOverlapped=0x0) returned 1 [0107.428] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv", nBufferLength=0x105, lpBuffer=0x29e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv", lpFilePart=0x0) returned 0x37 [0107.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6f0) returned 1 [0107.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vxh5-9fvv35aa.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e660) returned 1 [0107.432] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv", lpFilePart=0x0) returned 0x37 [0107.432] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv.BlackHat", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv.BlackHat", lpFilePart=0x0) returned 0x40 [0107.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7f0) returned 1 [0107.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vxh5-9fvv35aa.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaa371e0, ftCreationTime.dwHighDateTime=0x1d462c2, ftLastAccessTime.dwLowDateTime=0xa3e31210, ftLastAccessTime.dwHighDateTime=0x1d45e27, ftLastWriteTime.dwLowDateTime=0x90d5b5b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xe4a0)) returned 1 [0107.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7b0) returned 1 [0107.432] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vxh5-9fvv35aa.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VXH5-9Fvv35aa.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vxh5-9fvv35aa.mkv.blackhat")) returned 1 [0107.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.433] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.433] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.433] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.wmv", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.434] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.webmp", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.434] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.bak", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e800) returned 1 [0107.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x29e7c0) returned 1 [0107.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8d0) returned 1 [0107.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8b0) returned 1 [0107.465] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e8d0) returned 1 [0107.465] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0107.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x29e360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0107.466] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x29e570 | out: lpFindFileData=0x29e570) returned 0x1a95fe50 [0107.466] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.466] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.466] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.466] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.466] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.467] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.467] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.467] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.467] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.467] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.467] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.467] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.468] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.468] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.468] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.468] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.468] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.468] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.468] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.469] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.469] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.469] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.469] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.469] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.469] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.469] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.470] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.470] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.470] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.470] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.470] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.470] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.471] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.471] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.471] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.471] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.471] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.471] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.471] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.471] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0 [0107.472] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e820) returned 1 [0107.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e7e0) returned 1 [0107.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.472] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.472] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.472] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.txt", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.472] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.472] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.473] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.doc", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.473] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.473] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.473] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.docx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.473] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.473] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.473] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.xls", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.474] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.474] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.474] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.xlsx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.474] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.474] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.477] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.ppt", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.477] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.478] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.478] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.pptx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.478] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.478] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.478] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.odt", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.478] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.478] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.478] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.jpg", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.479] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.479] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.479] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.png", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.479] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.479] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.479] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.csv", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.480] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.480] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.480] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.sql", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.480] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.480] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.480] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mdb", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.480] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.480] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.480] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.sln", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.481] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.481] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.481] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.php", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.481] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.481] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.481] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.asp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.481] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.481] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.481] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.aspx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.482] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.482] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.482] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.html", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.482] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.482] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.482] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.xml", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.482] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.483] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.483] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.psd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e710) returned 1 [0107.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e800) returned 1 [0107.483] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.483] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.483] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.rar", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e750) returned 1 [0107.483] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.483] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.483] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.zip", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.483] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.484] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.484] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mp3", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.484] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.484] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.484] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.exe", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.484] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.484] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.484] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.PDF", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.484] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.484] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.484] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.rtf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.485] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.485] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.485] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.DT", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.485] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.485] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.485] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.CF", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.485] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.485] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.485] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.CFU", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.485] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.485] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.486] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mxl", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.486] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.486] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.486] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.epf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.486] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.486] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.486] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.erf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.486] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.486] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.486] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.vrp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.487] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.487] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.487] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.grs", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.487] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.487] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.487] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.geo", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.487] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.487] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.487] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.elf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.488] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.488] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.488] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.lgf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.488] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.488] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.488] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.lgp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.488] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.488] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.488] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.log", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.488] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.488] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.489] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.st", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.489] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.489] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.489] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.pff", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.489] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.489] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.489] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mft", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.489] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.489] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.489] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.efd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.489] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.490] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.ini", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.490] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.CFL", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.490] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.cer", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.490] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.backup", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.7z", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.491] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.491] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.tiff", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.491] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.491] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.jpeg", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.491] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.491] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.accdb", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.491] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.491] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.sqlite", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.492] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.dbf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.492] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*1cd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.492] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mdb", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.492] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.cd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.493] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.cdr", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.493] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.dwg", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.493] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.gif", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.493] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mp4", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.494] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.avi", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.494] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.mkv", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", nBufferLength=0x105, lpBuffer=0x29e290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\", lpFilePart=0x0) returned 0x35 [0107.494] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.wmv", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", nBufferLength=0x105, lpBuffer=0x29e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS", lpFilePart=0x0) returned 0x34 [0107.494] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.webmp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.495] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*.bak", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.495] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCfB0mFGgoQ0XS\\*", lpFindFileData=0x29e4c0 | out: lpFindFileData=0x29e4c0) returned 0x1a95fe50 [0107.495] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.495] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.495] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.495] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.495] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.495] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.495] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.495] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.495] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.495] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0107.495] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.495] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.txt", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.496] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.doc", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.496] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.docx", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.496] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.xls", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.496] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.xlsx", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.496] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.ppt", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.496] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.pptx", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.odt", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.jpg", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.png", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.csv", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.sql", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mdb", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.sln", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.php", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.asp", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.aspx", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.html", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.xml", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.499] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.psd", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.499] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.rar", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.499] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.zip", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.499] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mp3", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.499] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.exe", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0107.499] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.499] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sf.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.500] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x34800 [0107.500] ReadFile (in: hFile=0x258, lpBuffer=0x122e9df8, nNumberOfBytesToRead=0x34800, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x122e9df8*, lpNumberOfBytesRead=0x29e7b8*=0x34800, lpOverlapped=0x0) returned 1 [0107.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sf.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.507] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.PDF", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.507] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.rtf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.507] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.DT", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.508] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.CF", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.508] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.CFU", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.508] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mxl", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.508] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.epf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.508] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.erf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.508] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.vrp", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.grs", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.geo", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.elf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.lgf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.lgp", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.log", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.st", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.pff", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mft", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.efd", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.ini", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0x1a95fe50 [0107.510] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.510] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.511] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x11a [0107.511] ReadFile (in: hFile=0x258, lpBuffer=0x233bca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x233bca0*, lpNumberOfBytesRead=0x29e7b8*=0x11a, lpOverlapped=0x0) returned 1 [0107.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.513] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.CFL", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.513] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.cer", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.513] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.backup", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.514] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.7z", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.514] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.tiff", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.514] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.jpeg", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.514] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.accdb", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.514] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.sqlite", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.514] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.dbf", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*1cd", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mdb", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.cd", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.cdr", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.dwg", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.gif", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mp4", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.avi", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.mkv", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.wmv", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.webmp", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.bak", lpFindFileData=0x29e550 | out: lpFindFileData=0x29e550) returned 0xffffffffffffffff [0107.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x29e570 | out: lpFindFileData=0x29e570) returned 0x1a95fe50 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.517] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.518] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.518] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.518] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.518] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0 [0107.518] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.518] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.txt", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.518] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.doc", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.518] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.docx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.518] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.xls", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0x1a95fe50 [0107.518] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0107.518] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\movpp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\movpp.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.519] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x159df [0107.519] ReadFile (in: hFile=0x258, lpBuffer=0x12352e78, nNumberOfBytesToRead=0x159df, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x12352e78*, lpNumberOfBytesRead=0x29e708*=0x159df, lpOverlapped=0x0) returned 1 [0107.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\movpp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\movpp.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\movpp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\movpp.xls"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fab4940, ftCreationTime.dwHighDateTime=0x1d45d94, ftLastAccessTime.dwLowDateTime=0x44d4a840, ftLastAccessTime.dwHighDateTime=0x1d45ea1, ftLastWriteTime.dwLowDateTime=0x90e3fdf0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x159e0)) returned 1 [0107.525] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\movpp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\movpp.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\movpp.xls.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\movpp.xls.blackhat")) returned 1 [0107.525] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.xlsx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.ppt", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.pptx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.odt", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.jpg", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.png", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.csv", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.sql", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.mdb", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.sln", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.php", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.asp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.aspx", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.html", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.xml", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.psd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.rar", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.zip", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.mp3", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.exe", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.PDF", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.rtf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.DT", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.CF", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.CFU", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.mxl", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.epf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.erf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.vrp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.grs", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.geo", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.elf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.lgf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.lgp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.log", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.st", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.pff", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.mft", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.532] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.efd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.532] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.ini", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.532] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.CFL", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.532] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.cer", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.532] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.backup", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.532] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.7z", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.tiff", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.jpeg", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.accdb", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.sqlite", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.dbf", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*1cd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.mdb", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.cd", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.cdr", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.dwg", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.gif", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.mp4", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.avi", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.mkv", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.wmv", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.webmp", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*.bak", lpFindFileData=0x29e4a0 | out: lpFindFileData=0x29e4a0) returned 0xffffffffffffffff [0107.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\*", lpFindFileData=0x29e4c0 | out: lpFindFileData=0x29e4c0) returned 0x1a95fe50 [0107.535] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.535] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.535] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.535] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.535] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.536] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0107.536] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\*.txt", lpFindFileData=0x29e3f0 | out: lpFindFileData=0x29e3f0) returned 0xffffffffffffffff [0107.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\*.doc", lpFindFileData=0x29e3f0 | out: lpFindFileData=0x29e3f0) returned 0x1a95fe50 [0107.536] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0107.536] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\GYEObU9OG.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\6v_gjovhedke-y3m\\gyeobu9og.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.536] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x17501 [0107.537] ReadFile (in: hFile=0x258, lpBuffer=0x1237e2a8, nNumberOfBytesToRead=0x17501, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x1237e2a8*, lpNumberOfBytesRead=0x29e658*=0x17501, lpOverlapped=0x0) returned 1 [0107.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\GYEObU9OG.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\6v_gjovhedke-y3m\\gyeobu9og.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.542] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\GYEObU9OG.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\6v_gjovhedke-y3m\\gyeobu9og.doc"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8074e210, ftCreationTime.dwHighDateTime=0x1d46497, ftLastAccessTime.dwLowDateTime=0xf94c2970, ftLastAccessTime.dwHighDateTime=0x1d46279, ftLastWriteTime.dwLowDateTime=0x90e65f50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x17510)) returned 1 [0107.543] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\GYEObU9OG.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\6v_gjovhedke-y3m\\gyeobu9og.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\GYEObU9OG.doc.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\6v_gjovhedke-y3m\\gyeobu9og.doc.blackhat")) returned 1 [0107.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\*.docx", lpFindFileData=0x29e3f0 | out: lpFindFileData=0x29e3f0) returned 0xffffffffffffffff [0107.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\*.xls", lpFindFileData=0x29e3f0 | out: lpFindFileData=0x29e3f0) returned 0xffffffffffffffff [0107.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\*.xlsx", lpFindFileData=0x29e3f0 | out: lpFindFileData=0x29e3f0) returned 0xffffffffffffffff [0107.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\*.ppt", lpFindFileData=0x29e3f0 | out: lpFindFileData=0x29e3f0) returned 0x1a95fe50 [0107.544] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0107.544] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0107.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\sRUOtqizCyllBw.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\6v_gjovhedke-y3m\\sruotqizcyllbw.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.544] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x12ab9 [0107.544] ReadFile (in: hFile=0x258, lpBuffer=0x2377f00, nNumberOfBytesToRead=0x12ab9, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x2377f00*, lpNumberOfBytesRead=0x29e658*=0x12ab9, lpOverlapped=0x0) returned 1 [0107.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\sRUOtqizCyllBw.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\6v_gjovhedke-y3m\\sruotqizcyllbw.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\sRUOtqizCyllBw.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\6v_gjovhedke-y3m\\sruotqizcyllbw.ppt"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa430c030, ftCreationTime.dwHighDateTime=0x1d46185, ftLastAccessTime.dwLowDateTime=0xefea8d60, ftLastAccessTime.dwHighDateTime=0x1d45b29, ftLastWriteTime.dwLowDateTime=0x90e8c0b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x12ac0)) returned 1 [0107.550] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\sRUOtqizCyllBw.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\6v_gjovhedke-y3m\\sruotqizcyllbw.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\sRUOtqizCyllBw.ppt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\6v_gjovhedke-y3m\\sruotqizcyllbw.ppt.blackhat")) returned 1 [0107.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\*.pptx", lpFindFileData=0x29e3f0 | out: lpFindFileData=0x29e3f0) returned 0xffffffffffffffff [0107.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\*.odt", lpFindFileData=0x29e3f0 | out: lpFindFileData=0x29e3f0) returned 0xffffffffffffffff [0107.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\6v_GjOVHeDke-Y3M\\*.jpg", lpFindFileData=0x29e3f0 | out: lpFindFileData=0x29e3f0) returned 0xffffffffffffffff [0107.555] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.555] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.555] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.555] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0107.555] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 1 [0107.555] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0107.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\Fr4HlLV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\fr4hllv.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.555] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xb49d [0107.555] ReadFile (in: hFile=0x258, lpBuffer=0x23c6758, nNumberOfBytesToRead=0xb49d, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x23c6758*, lpNumberOfBytesRead=0x29e658*=0xb49d, lpOverlapped=0x0) returned 1 [0107.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\Fr4HlLV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\fr4hllv.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.560] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\Fr4HlLV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\fr4hllv.docx"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf55b46e0, ftCreationTime.dwHighDateTime=0x1d45c3c, ftLastAccessTime.dwLowDateTime=0xee577270, ftLastAccessTime.dwHighDateTime=0x1d464ba, ftLastWriteTime.dwLowDateTime=0x90e8c0b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb4a0)) returned 1 [0107.560] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\Fr4HlLV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\fr4hllv.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\Fr4HlLV.docx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\fr4hllv.docx.blackhat")) returned 1 [0107.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\HJXKHXXKSQElmnYVn.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\hjxkhxxksqelmnyvn.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.561] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x12b4f [0107.562] ReadFile (in: hFile=0x258, lpBuffer=0x23ddd78, nNumberOfBytesToRead=0x12b4f, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x23ddd78*, lpNumberOfBytesRead=0x29e658*=0x12b4f, lpOverlapped=0x0) returned 1 [0107.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\HJXKHXXKSQElmnYVn.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\hjxkhxxksqelmnyvn.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\HJXKHXXKSQElmnYVn.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\hjxkhxxksqelmnyvn.doc"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45b34f40, ftCreationTime.dwHighDateTime=0x1d45e2f, ftLastAccessTime.dwLowDateTime=0x93b76c00, ftLastAccessTime.dwHighDateTime=0x1d4569e, ftLastWriteTime.dwLowDateTime=0x90eb2210, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x12b50)) returned 1 [0107.570] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\HJXKHXXKSQElmnYVn.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\hjxkhxxksqelmnyvn.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\HJXKHXXKSQElmnYVn.doc.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\hjxkhxxksqelmnyvn.doc.blackhat")) returned 1 [0107.570] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0107.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\FGotL0e.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\fgotl0e.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.571] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x13017 [0107.571] ReadFile (in: hFile=0x258, lpBuffer=0x2406d38, nNumberOfBytesToRead=0x13017, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x2406d38*, lpNumberOfBytesRead=0x29e658*=0x13017, lpOverlapped=0x0) returned 1 [0107.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\FGotL0e.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\fgotl0e.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.579] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\FGotL0e.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\fgotl0e.pptx"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e3c10e0, ftCreationTime.dwHighDateTime=0x1d45ec3, ftLastAccessTime.dwLowDateTime=0x8997fc80, ftLastAccessTime.dwHighDateTime=0x1d45f18, ftLastWriteTime.dwLowDateTime=0x90ed8370, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x13020)) returned 1 [0107.579] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\FGotL0e.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\fgotl0e.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\FGotL0e.pptx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\fgotl0e.pptx.blackhat")) returned 1 [0107.586] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0107.586] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\9Nt V.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\9nt v.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.586] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x2330 [0107.586] ReadFile (in: hFile=0x258, lpBuffer=0x21b6f58, nNumberOfBytesToRead=0x2330, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x21b6f58*, lpNumberOfBytesRead=0x29e658*=0x2330, lpOverlapped=0x0) returned 1 [0107.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\9Nt V.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\9nt v.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\9Nt V.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\9nt v.csv"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7f71e0, ftCreationTime.dwHighDateTime=0x1d46284, ftLastAccessTime.dwLowDateTime=0xf358e900, ftLastAccessTime.dwHighDateTime=0x1d460e3, ftLastWriteTime.dwLowDateTime=0x90ed8370, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2340)) returned 1 [0107.590] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\9Nt V.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\9nt v.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\9Nt V.csv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\9nt v.csv.blackhat")) returned 1 [0107.591] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0107.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\3jHewf0ij9x -pVT9trJ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\3jhewf0ij9x -pvt9trj.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.592] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x1420d [0107.592] ReadFile (in: hFile=0x258, lpBuffer=0x21c60b8, nNumberOfBytesToRead=0x1420d, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x21c60b8*, lpNumberOfBytesRead=0x29e658*=0x1420d, lpOverlapped=0x0) returned 1 [0107.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\3jHewf0ij9x -pVT9trJ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\3jhewf0ij9x -pvt9trj.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.599] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\3jHewf0ij9x -pVT9trJ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\3jhewf0ij9x -pvt9trj.rtf"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x832b4080, ftCreationTime.dwHighDateTime=0x1d45de9, ftLastAccessTime.dwLowDateTime=0xab4f43f0, ftLastAccessTime.dwHighDateTime=0x1d45988, ftLastWriteTime.dwLowDateTime=0x90efe4d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x14210)) returned 1 [0107.599] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\3jHewf0ij9x -pVT9trJ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\3jhewf0ij9x -pvt9trj.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\3jHewf0ij9x -pVT9trJ.rtf.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\3jhewf0ij9x -pvt9trj.rtf.blackhat")) returned 1 [0107.601] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.601] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.601] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.601] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.601] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.602] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.602] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.602] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.602] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.602] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0107.602] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e390 | out: lpFindFileData=0x29e390) returned 0 [0107.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\9QXV8.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\9qxv8.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.602] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x3ca5 [0107.602] ReadFile (in: hFile=0x258, lpBuffer=0x220d7a0, nNumberOfBytesToRead=0x3ca5, lpNumberOfBytesRead=0x29e5a8, lpOverlapped=0x0 | out: lpBuffer=0x220d7a0*, lpNumberOfBytesRead=0x29e5a8*=0x3ca5, lpOverlapped=0x0) returned 1 [0107.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\9QXV8.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\9qxv8.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.606] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\9QXV8.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\9qxv8.xls"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87864610, ftCreationTime.dwHighDateTime=0x1d463a3, ftLastAccessTime.dwLowDateTime=0xeeff1e50, ftLastAccessTime.dwHighDateTime=0x1d462b0, ftLastWriteTime.dwLowDateTime=0x90efe4d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3cb0)) returned 1 [0107.606] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\9QXV8.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\9qxv8.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\9QXV8.xls.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\9qxv8.xls.blackhat")) returned 1 [0107.607] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e390 | out: lpFindFileData=0x29e390) returned 1 [0107.607] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e390 | out: lpFindFileData=0x29e390) returned 0 [0107.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\hVbPNu zb6TZvaE.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\hvbpnu zb6tzvae.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.607] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x12adc [0107.607] ReadFile (in: hFile=0x258, lpBuffer=0x2217bc0, nNumberOfBytesToRead=0x12adc, lpNumberOfBytesRead=0x29e5a8, lpOverlapped=0x0 | out: lpBuffer=0x2217bc0*, lpNumberOfBytesRead=0x29e5a8*=0x12adc, lpOverlapped=0x0) returned 1 [0107.611] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\hVbPNu zb6TZvaE.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\hvbpnu zb6tzvae.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.614] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\hVbPNu zb6TZvaE.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\hvbpnu zb6tzvae.ppt"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a95a70, ftCreationTime.dwHighDateTime=0x1d456b2, ftLastAccessTime.dwLowDateTime=0xf88fee40, ftLastAccessTime.dwHighDateTime=0x1d464fe, ftLastWriteTime.dwLowDateTime=0x90f24630, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x12ae0)) returned 1 [0107.614] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\hVbPNu zb6TZvaE.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\hvbpnu zb6tzvae.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\hVbPNu zb6TZvaE.ppt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\hvbpnu zb6tzvae.ppt.blackhat")) returned 1 [0107.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\xhVcawwZRVZO1M.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\xhvcawwzrvzo1m.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.615] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x12a5 [0107.615] ReadFile (in: hFile=0x258, lpBuffer=0x223df50, nNumberOfBytesToRead=0x12a5, lpNumberOfBytesRead=0x29e5a8, lpOverlapped=0x0 | out: lpBuffer=0x223df50*, lpNumberOfBytesRead=0x29e5a8*=0x12a5, lpOverlapped=0x0) returned 1 [0107.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\xhVcawwZRVZO1M.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\xhvcawwzrvzo1m.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.619] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\xhVcawwZRVZO1M.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\xhvcawwzrvzo1m.ppt"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x446a7330, ftCreationTime.dwHighDateTime=0x1d45e3d, ftLastAccessTime.dwLowDateTime=0xb6657550, ftLastAccessTime.dwHighDateTime=0x1d45f4d, ftLastWriteTime.dwLowDateTime=0x90f24630, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x12b0)) returned 1 [0107.619] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\xhVcawwZRVZO1M.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\xhvcawwzrvzo1m.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\xhVcawwZRVZO1M.ppt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\xhvcawwzrvzo1m.ppt.blackhat")) returned 1 [0107.620] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e390 | out: lpFindFileData=0x29e390) returned 0 [0107.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\tZaHaVKBi.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\tzahavkbi.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.620] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x17a6c [0107.620] ReadFile (in: hFile=0x258, lpBuffer=0x123acd30, nNumberOfBytesToRead=0x17a6c, lpNumberOfBytesRead=0x29e5a8, lpOverlapped=0x0 | out: lpBuffer=0x123acd30*, lpNumberOfBytesRead=0x29e5a8*=0x17a6c, lpOverlapped=0x0) returned 1 [0107.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\tZaHaVKBi.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\tzahavkbi.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\tZaHaVKBi.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\tzahavkbi.csv"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a35210, ftCreationTime.dwHighDateTime=0x1d45e94, ftLastAccessTime.dwLowDateTime=0xdb757080, ftLastAccessTime.dwHighDateTime=0x1d45ce5, ftLastWriteTime.dwLowDateTime=0x90f4a790, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x17a70)) returned 1 [0107.630] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\tZaHaVKBi.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\tzahavkbi.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Eg88RvD9 0Q\\NRPhW82cAnOla-nt-U\\D1iL9p 83bubKmetxE\\tZaHaVKBi.csv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eg88rvd9 0q\\nrphw82canola-nt-u\\d1il9p 83bubkmetxe\\tzahavkbi.csv.blackhat")) returned 1 [0107.632] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0107.632] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0107.632] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0107.632] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0107.632] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0107.632] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0107.632] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 0 [0107.649] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0107.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.650] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xd8 [0107.650] ReadFile (in: hFile=0x258, lpBuffer=0x228afe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x228afe0*, lpNumberOfBytesRead=0x29e708*=0xd8, lpOverlapped=0x0) returned 1 [0107.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.655] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.655] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.655] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.655] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.655] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0107.671] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.671] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.671] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0107.678] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.678] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.678] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0107.678] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 1 [0107.678] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 1 [0107.678] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 1 [0107.678] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0107.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\9y_E.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\9y_e.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.679] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x7f22 [0107.679] ReadFile (in: hFile=0x258, lpBuffer=0x22ebda0, nNumberOfBytesToRead=0x7f22, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x22ebda0*, lpNumberOfBytesRead=0x29e708*=0x7f22, lpOverlapped=0x0) returned 1 [0107.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\9y_E.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\9y_e.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\9y_E.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\9y_e.xls"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b94a200, ftCreationTime.dwHighDateTime=0x1d456af, ftLastAccessTime.dwLowDateTime=0x39e4a150, ftLastAccessTime.dwHighDateTime=0x1d4560f, ftLastWriteTime.dwLowDateTime=0x90fbcbb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7f30)) returned 1 [0107.684] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\9y_E.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\9y_e.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\9y_E.xls.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\9y_e.xls.blackhat")) returned 1 [0107.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\D0D09ePmPSw.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\d0d09epmpsw.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.684] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xfa46 [0107.685] ReadFile (in: hFile=0x258, lpBuffer=0x22fc810, nNumberOfBytesToRead=0xfa46, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x22fc810*, lpNumberOfBytesRead=0x29e708*=0xfa46, lpOverlapped=0x0) returned 1 [0107.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\D0D09ePmPSw.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\d0d09epmpsw.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.689] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\D0D09ePmPSw.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\d0d09epmpsw.xls"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23811450, ftCreationTime.dwHighDateTime=0x1d4563e, ftLastAccessTime.dwLowDateTime=0xd5f16870, ftLastAccessTime.dwHighDateTime=0x1d462a9, ftLastWriteTime.dwLowDateTime=0x90fe2d10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xfa50)) returned 1 [0107.689] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\D0D09ePmPSw.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\d0d09epmpsw.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\D0D09ePmPSw.xls.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\d0d09epmpsw.xls.blackhat")) returned 1 [0107.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\L6MUjcS.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\l6mujcs.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.690] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x113be [0107.690] ReadFile (in: hFile=0x258, lpBuffer=0x231c8f8, nNumberOfBytesToRead=0x113be, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x231c8f8*, lpNumberOfBytesRead=0x29e708*=0x113be, lpOverlapped=0x0) returned 1 [0107.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\L6MUjcS.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\l6mujcs.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.694] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\L6MUjcS.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\l6mujcs.xls"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9d53730, ftCreationTime.dwHighDateTime=0x1d45ef1, ftLastAccessTime.dwLowDateTime=0xfef562d0, ftLastAccessTime.dwHighDateTime=0x1d45ed0, ftLastWriteTime.dwLowDateTime=0x90fe2d10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x113c0)) returned 1 [0107.695] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\L6MUjcS.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\l6mujcs.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\L6MUjcS.xls.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\l6mujcs.xls.blackhat")) returned 1 [0107.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\mHeg67uPjmtt6jUG18Z.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\mheg67upjmtt6jug18z.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.695] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x8f2 [0107.695] ReadFile (in: hFile=0x258, lpBuffer=0x23405e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x23405e0*, lpNumberOfBytesRead=0x29e708*=0x8f2, lpOverlapped=0x0) returned 1 [0107.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\mHeg67uPjmtt6jUG18Z.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\mheg67upjmtt6jug18z.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\mHeg67uPjmtt6jUG18Z.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\mheg67upjmtt6jug18z.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb0852e0, ftCreationTime.dwHighDateTime=0x1d459dc, ftLastAccessTime.dwLowDateTime=0xe6630850, ftLastAccessTime.dwHighDateTime=0x1d46207, ftLastWriteTime.dwLowDateTime=0x90fe2d10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x900)) returned 1 [0107.698] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\mHeg67uPjmtt6jUG18Z.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\mheg67upjmtt6jug18z.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\mHeg67uPjmtt6jUG18Z.xlsx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\mheg67upjmtt6jug18z.xlsx.blackhat")) returned 1 [0107.699] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0107.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\fkTWzhKIbqoRg3MMM.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\fktwzhkibqorg3mmm.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.699] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xae86 [0107.699] ReadFile (in: hFile=0x258, lpBuffer=0x2350c60, nNumberOfBytesToRead=0xae86, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x2350c60*, lpNumberOfBytesRead=0x29e708*=0xae86, lpOverlapped=0x0) returned 1 [0107.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\fkTWzhKIbqoRg3MMM.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\fktwzhkibqorg3mmm.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\fkTWzhKIbqoRg3MMM.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\fktwzhkibqorg3mmm.rtf"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53666530, ftCreationTime.dwHighDateTime=0x1d4628c, ftLastAccessTime.dwLowDateTime=0x7076360, ftLastAccessTime.dwHighDateTime=0x1d45ddc, ftLastWriteTime.dwLowDateTime=0x91008e70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xae90)) returned 1 [0107.705] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\fkTWzhKIbqoRg3MMM.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\fktwzhkibqorg3mmm.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\fkTWzhKIbqoRg3MMM.rtf.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\fktwzhkibqorg3mmm.rtf.blackhat")) returned 1 [0107.707] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.707] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.707] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.707] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.707] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.707] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.707] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.707] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0107.707] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0107.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\THFQgfI31hKb_ed-UC_M.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\thfqgfi31hkb_ed-uc_m.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.708] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x9778 [0107.708] ReadFile (in: hFile=0x258, lpBuffer=0x2381578, nNumberOfBytesToRead=0x9778, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x2381578*, lpNumberOfBytesRead=0x29e658*=0x9778, lpOverlapped=0x0) returned 1 [0107.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\THFQgfI31hKb_ed-UC_M.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\thfqgfi31hkb_ed-uc_m.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\THFQgfI31hKb_ed-UC_M.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\thfqgfi31hkb_ed-uc_m.doc"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84e73090, ftCreationTime.dwHighDateTime=0x1d46669, ftLastAccessTime.dwLowDateTime=0xb5cb8ba0, ftLastAccessTime.dwHighDateTime=0x1d457c0, ftLastWriteTime.dwLowDateTime=0x91008e70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9780)) returned 1 [0107.713] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\THFQgfI31hKb_ed-UC_M.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\thfqgfi31hkb_ed-uc_m.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\THFQgfI31hKb_ed-UC_M.doc.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\thfqgfi31hkb_ed-uc_m.doc.blackhat")) returned 1 [0107.713] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0107.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\7y4qR.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\7y4qr.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.714] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x3219 [0107.714] ReadFile (in: hFile=0x258, lpBuffer=0x23992e0, nNumberOfBytesToRead=0x3219, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x23992e0*, lpNumberOfBytesRead=0x29e658*=0x3219, lpOverlapped=0x0) returned 1 [0107.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\7y4qR.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\7y4qr.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.717] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\7y4qR.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\7y4qr.odt"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x738eb7b0, ftCreationTime.dwHighDateTime=0x1d464dd, ftLastAccessTime.dwLowDateTime=0xf28e0940, ftLastAccessTime.dwHighDateTime=0x1d462e3, ftLastWriteTime.dwLowDateTime=0x9102efd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3220)) returned 1 [0107.718] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\7y4qR.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\7y4qr.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\7y4qR.odt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\7y4qr.odt.blackhat")) returned 1 [0107.719] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0107.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\4M RJ.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\4m rj.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.719] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x166ce [0107.719] ReadFile (in: hFile=0x258, lpBuffer=0x123dc280, nNumberOfBytesToRead=0x166ce, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x123dc280*, lpNumberOfBytesRead=0x29e658*=0x166ce, lpOverlapped=0x0) returned 1 [0107.724] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\4M RJ.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\4m rj.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.727] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\4M RJ.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\4m rj.pdf"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7c56a00, ftCreationTime.dwHighDateTime=0x1d459c1, ftLastAccessTime.dwLowDateTime=0x1a417f70, ftLastAccessTime.dwHighDateTime=0x1d46448, ftLastWriteTime.dwLowDateTime=0x9102efd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x166d0)) returned 1 [0107.727] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\4M RJ.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\4m rj.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uk4blibgBpNxH-0xi\\dqafZPw1S2IFXe\\4M RJ.pdf.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uk4blibgbpnxh-0xi\\dqafzpw1s2ifxe\\4m rj.pdf.blackhat")) returned 1 [0107.738] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.738] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.738] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.738] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.738] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.738] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0107.738] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.738] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.738] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.738] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.738] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0OTmfF.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0otmff.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.739] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xf408 [0107.739] ReadFile (in: hFile=0x258, lpBuffer=0x21ba838, nNumberOfBytesToRead=0xf408, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x21ba838*, lpNumberOfBytesRead=0x29e7b8*=0xf408, lpOverlapped=0x0) returned 1 [0107.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0OTmfF.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0otmff.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.745] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0OTmfF.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0otmff.docx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x763bcdd0, ftCreationTime.dwHighDateTime=0x1d48630, ftLastAccessTime.dwLowDateTime=0x349558a0, ftLastAccessTime.dwHighDateTime=0x1d41147, ftLastWriteTime.dwLowDateTime=0x91055130, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xf410)) returned 1 [0107.745] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0OTmfF.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0otmff.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0OTmfF.docx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0otmff.docx.blackhat")) returned 1 [0107.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\35unnQG7.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\35unnqg7.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.746] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x10a3d [0107.746] ReadFile (in: hFile=0x258, lpBuffer=0x21d9bc8, nNumberOfBytesToRead=0x10a3d, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x21d9bc8*, lpNumberOfBytesRead=0x29e7b8*=0x10a3d, lpOverlapped=0x0) returned 1 [0107.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\35unnQG7.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\35unnqg7.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.758] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\35unnQG7.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\35unnqg7.docx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca1ade90, ftCreationTime.dwHighDateTime=0x1d466fb, ftLastAccessTime.dwLowDateTime=0x84658ea0, ftLastAccessTime.dwHighDateTime=0x1d454bc, ftLastWriteTime.dwLowDateTime=0x9107b290, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10a40)) returned 1 [0107.758] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\35unnQG7.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\35unnqg7.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\35unnQG7.docx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\35unnqg7.docx.blackhat")) returned 1 [0107.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9ub6P6QLsFuaDCm.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9ub6p6qlsfuadcm.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.759] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x9a1c [0107.759] ReadFile (in: hFile=0x258, lpBuffer=0x21fbbf8, nNumberOfBytesToRead=0x9a1c, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x21fbbf8*, lpNumberOfBytesRead=0x29e7b8*=0x9a1c, lpOverlapped=0x0) returned 1 [0107.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9ub6P6QLsFuaDCm.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9ub6p6qlsfuadcm.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.764] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9ub6P6QLsFuaDCm.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9ub6p6qlsfuadcm.docx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x987809d0, ftCreationTime.dwHighDateTime=0x1d46d72, ftLastAccessTime.dwLowDateTime=0xe3186500, ftLastAccessTime.dwHighDateTime=0x1d46e9b, ftLastWriteTime.dwLowDateTime=0x910a13f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9a20)) returned 1 [0107.764] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9ub6P6QLsFuaDCm.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9ub6p6qlsfuadcm.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9ub6P6QLsFuaDCm.docx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9ub6p6qlsfuadcm.docx.blackhat")) returned 1 [0107.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d42p2M.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d42p2m.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.765] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x861a [0107.765] ReadFile (in: hFile=0x258, lpBuffer=0x220fc08, nNumberOfBytesToRead=0x861a, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x220fc08*, lpNumberOfBytesRead=0x29e7b8*=0x861a, lpOverlapped=0x0) returned 1 [0107.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d42p2M.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d42p2m.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.769] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d42p2M.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d42p2m.docx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1cb0c7b0, ftCreationTime.dwHighDateTime=0x1d40643, ftLastAccessTime.dwLowDateTime=0xbb6b0970, ftLastAccessTime.dwHighDateTime=0x1d42ea6, ftLastWriteTime.dwLowDateTime=0x910a13f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x8620)) returned 1 [0107.769] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d42p2M.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d42p2m.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d42p2M.docx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d42p2m.docx.blackhat")) returned 1 [0107.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XQU3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xqu3.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.770] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x175c9 [0107.771] ReadFile (in: hFile=0x258, lpBuffer=0x12409090, nNumberOfBytesToRead=0x175c9, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x12409090*, lpNumberOfBytesRead=0x29e7b8*=0x175c9, lpOverlapped=0x0) returned 1 [0107.775] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XQU3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xqu3.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XQU3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xqu3.docx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1886a1a0, ftCreationTime.dwHighDateTime=0x1d43e4c, ftLastAccessTime.dwLowDateTime=0xcb00eb80, ftLastAccessTime.dwHighDateTime=0x1d41faf, ftLastWriteTime.dwLowDateTime=0x910c7550, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x175d0)) returned 1 [0107.779] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XQU3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xqu3.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XQU3.docx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xqu3.docx.blackhat")) returned 1 [0107.780] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.781] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.781] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.781] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.781] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.781] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1vWfqsjVTWGSUS.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1vwfqsjvtwgsus.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.781] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x1a1e [0107.781] ReadFile (in: hFile=0x258, lpBuffer=0x2223c50, nNumberOfBytesToRead=0x1a1e, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x2223c50*, lpNumberOfBytesRead=0x29e7b8*=0x1a1e, lpOverlapped=0x0) returned 1 [0107.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1vWfqsjVTWGSUS.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1vwfqsjvtwgsus.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1vWfqsjVTWGSUS.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1vwfqsjvtwgsus.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4666340, ftCreationTime.dwHighDateTime=0x1d4446d, ftLastAccessTime.dwLowDateTime=0x4284a610, ftLastAccessTime.dwHighDateTime=0x1d466aa, ftLastWriteTime.dwLowDateTime=0x910c7550, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a20)) returned 1 [0107.784] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1vWfqsjVTWGSUS.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1vwfqsjvtwgsus.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1vWfqsjVTWGSUS.xlsx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1vwfqsjvtwgsus.xlsx.blackhat")) returned 1 [0107.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4Pc8-sXU26qE6QH0H.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4pc8-sxu26qe6qh0h.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.785] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x18b8c [0107.786] ReadFile (in: hFile=0x258, lpBuffer=0x12437ca0, nNumberOfBytesToRead=0x18b8c, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x12437ca0*, lpNumberOfBytesRead=0x29e7b8*=0x18b8c, lpOverlapped=0x0) returned 1 [0107.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4Pc8-sXU26qE6QH0H.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4pc8-sxu26qe6qh0h.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4Pc8-sXU26qE6QH0H.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4pc8-sxu26qe6qh0h.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb94fa10, ftCreationTime.dwHighDateTime=0x1d42a28, ftLastAccessTime.dwLowDateTime=0x7b77daa0, ftLastAccessTime.dwHighDateTime=0x1d4536d, ftLastWriteTime.dwLowDateTime=0x910c7550, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18b90)) returned 1 [0107.794] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4Pc8-sXU26qE6QH0H.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4pc8-sxu26qe6qh0h.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4Pc8-sXU26qE6QH0H.xlsx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4pc8-sxu26qe6qh0h.xlsx.blackhat")) returned 1 [0107.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ARUZ5zbfJrACZ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aruz5zbfjracz.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.795] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x174f7 [0107.795] ReadFile (in: hFile=0x258, lpBuffer=0x12469430, nNumberOfBytesToRead=0x174f7, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x12469430*, lpNumberOfBytesRead=0x29e7b8*=0x174f7, lpOverlapped=0x0) returned 1 [0107.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ARUZ5zbfJrACZ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aruz5zbfjracz.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ARUZ5zbfJrACZ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aruz5zbfjracz.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8555710, ftCreationTime.dwHighDateTime=0x1d40c4e, ftLastAccessTime.dwLowDateTime=0x41e0a9c0, ftLastAccessTime.dwHighDateTime=0x1d42d16, ftLastWriteTime.dwLowDateTime=0x910ed6b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x17500)) returned 1 [0107.804] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ARUZ5zbfJrACZ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aruz5zbfjracz.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ARUZ5zbfJrACZ.xlsx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aruz5zbfjracz.xlsx.blackhat")) returned 1 [0107.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HTlp087HTBWFYn.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\htlp087htbwfyn.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.804] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xd970 [0107.805] ReadFile (in: hFile=0x258, lpBuffer=0x22293d8, nNumberOfBytesToRead=0xd970, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x22293d8*, lpNumberOfBytesRead=0x29e7b8*=0xd970, lpOverlapped=0x0) returned 1 [0107.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HTlp087HTBWFYn.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\htlp087htbwfyn.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.810] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HTlp087HTBWFYn.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\htlp087htbwfyn.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4dbb840, ftCreationTime.dwHighDateTime=0x1d422f2, ftLastAccessTime.dwLowDateTime=0x58ba8740, ftLastAccessTime.dwHighDateTime=0x1d45ec3, ftLastWriteTime.dwLowDateTime=0x91113810, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd980)) returned 1 [0107.810] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HTlp087HTBWFYn.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\htlp087htbwfyn.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HTlp087HTBWFYn.xlsx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\htlp087htbwfyn.xlsx.blackhat")) returned 1 [0107.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U9Lb y3tVAO.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u9lb y3tvao.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.811] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xc096 [0107.811] ReadFile (in: hFile=0x258, lpBuffer=0x2245298, nNumberOfBytesToRead=0xc096, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x2245298*, lpNumberOfBytesRead=0x29e7b8*=0xc096, lpOverlapped=0x0) returned 1 [0107.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U9Lb y3tVAO.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u9lb y3tvao.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U9Lb y3tVAO.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u9lb y3tvao.xls"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd6dc7a0, ftCreationTime.dwHighDateTime=0x1d461d3, ftLastAccessTime.dwLowDateTime=0x4ff4f430, ftLastAccessTime.dwHighDateTime=0x1d45eb2, ftLastWriteTime.dwLowDateTime=0x91113810, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xc0a0)) returned 1 [0107.817] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U9Lb y3tVAO.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u9lb y3tvao.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U9Lb y3tVAO.xls.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u9lb y3tvao.xls.blackhat")) returned 1 [0107.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YElre7Ah.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yelre7ah.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.817] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xf88c [0107.817] ReadFile (in: hFile=0x258, lpBuffer=0x225df78, nNumberOfBytesToRead=0xf88c, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x225df78*, lpNumberOfBytesRead=0x29e7b8*=0xf88c, lpOverlapped=0x0) returned 1 [0107.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YElre7Ah.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yelre7ah.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.824] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YElre7Ah.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yelre7ah.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x270fd9a0, ftCreationTime.dwHighDateTime=0x1d47f6d, ftLastAccessTime.dwLowDateTime=0x2b10d900, ftLastAccessTime.dwHighDateTime=0x1d41631, ftLastWriteTime.dwLowDateTime=0x91113810, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xf890)) returned 1 [0107.824] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YElre7Ah.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yelre7ah.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YElre7Ah.xlsx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yelre7ah.xlsx.blackhat")) returned 1 [0107.825] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.826] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.826] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.826] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.826] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.826] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5Za7P f.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5za7p f.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.826] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x6a98 [0107.826] ReadFile (in: hFile=0x258, lpBuffer=0x227f920, nNumberOfBytesToRead=0x6a98, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x227f920*, lpNumberOfBytesRead=0x29e7b8*=0x6a98, lpOverlapped=0x0) returned 1 [0107.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5Za7P f.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5za7p f.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.830] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5Za7P f.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5za7p f.pptx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17feb010, ftCreationTime.dwHighDateTime=0x1d43a32, ftLastAccessTime.dwLowDateTime=0xe3ab96b0, ftLastAccessTime.dwHighDateTime=0x1d454a4, ftLastWriteTime.dwLowDateTime=0x91139970, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6aa0)) returned 1 [0107.831] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5Za7P f.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5za7p f.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5Za7P f.pptx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5za7p f.pptx.blackhat")) returned 1 [0107.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AEyp9Uli.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aeyp9uli.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.831] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xeccd [0107.831] ReadFile (in: hFile=0x258, lpBuffer=0x228d9e8, nNumberOfBytesToRead=0xeccd, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x228d9e8*, lpNumberOfBytesRead=0x29e7b8*=0xeccd, lpOverlapped=0x0) returned 1 [0107.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AEyp9Uli.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aeyp9uli.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AEyp9Uli.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aeyp9uli.pptx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc59b6a60, ftCreationTime.dwHighDateTime=0x1d4422f, ftLastAccessTime.dwLowDateTime=0x5201e380, ftLastAccessTime.dwHighDateTime=0x1d4162a, ftLastWriteTime.dwLowDateTime=0x91139970, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xecd0)) returned 1 [0107.837] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AEyp9Uli.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aeyp9uli.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AEyp9Uli.pptx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aeyp9uli.pptx.blackhat")) returned 1 [0107.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JyJdSqIe 2Z0R.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jyjdsqie 2z0r.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.838] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x46e8 [0107.838] ReadFile (in: hFile=0x258, lpBuffer=0x22abf28, nNumberOfBytesToRead=0x46e8, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x22abf28*, lpNumberOfBytesRead=0x29e7b8*=0x46e8, lpOverlapped=0x0) returned 1 [0107.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JyJdSqIe 2Z0R.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jyjdsqie 2z0r.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.843] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JyJdSqIe 2Z0R.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jyjdsqie 2z0r.pptx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd435f450, ftCreationTime.dwHighDateTime=0x1d430fa, ftLastAccessTime.dwLowDateTime=0xd0d64280, ftLastAccessTime.dwHighDateTime=0x1d45952, ftLastWriteTime.dwLowDateTime=0x9115fad0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x46f0)) returned 1 [0107.843] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JyJdSqIe 2Z0R.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jyjdsqie 2z0r.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JyJdSqIe 2Z0R.pptx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jyjdsqie 2z0r.pptx.blackhat")) returned 1 [0107.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LeXwIjKpN.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lexwijkpn.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.844] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x18007 [0107.844] ReadFile (in: hFile=0x258, lpBuffer=0x12497e98, nNumberOfBytesToRead=0x18007, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x12497e98*, lpNumberOfBytesRead=0x29e7b8*=0x18007, lpOverlapped=0x0) returned 1 [0107.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LeXwIjKpN.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lexwijkpn.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LeXwIjKpN.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lexwijkpn.pptx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcaa6ecf0, ftCreationTime.dwHighDateTime=0x1d44293, ftLastAccessTime.dwLowDateTime=0x3f2609a0, ftLastAccessTime.dwHighDateTime=0x1d48365, ftLastWriteTime.dwLowDateTime=0x9115fad0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18010)) returned 1 [0107.856] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LeXwIjKpN.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lexwijkpn.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LeXwIjKpN.pptx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lexwijkpn.pptx.blackhat")) returned 1 [0107.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NCGvpor.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ncgvpor.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.857] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xd5ae [0107.857] ReadFile (in: hFile=0x258, lpBuffer=0x21a62e8, nNumberOfBytesToRead=0xd5ae, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x21a62e8*, lpNumberOfBytesRead=0x29e7b8*=0xd5ae, lpOverlapped=0x0) returned 1 [0107.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NCGvpor.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ncgvpor.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.862] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NCGvpor.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ncgvpor.pptx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb65ac380, ftCreationTime.dwHighDateTime=0x1d4450d, ftLastAccessTime.dwLowDateTime=0x6fc3e480, ftLastAccessTime.dwHighDateTime=0x1d44a38, ftLastWriteTime.dwLowDateTime=0x91185c30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd5b0)) returned 1 [0107.863] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NCGvpor.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ncgvpor.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NCGvpor.pptx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ncgvpor.pptx.blackhat")) returned 1 [0107.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YH18pEPew.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yh18pepew.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.863] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x10639 [0107.863] ReadFile (in: hFile=0x258, lpBuffer=0x21c19d8, nNumberOfBytesToRead=0x10639, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x21c19d8*, lpNumberOfBytesRead=0x29e7b8*=0x10639, lpOverlapped=0x0) returned 1 [0107.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YH18pEPew.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yh18pepew.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YH18pEPew.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yh18pepew.pptx"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48e95900, ftCreationTime.dwHighDateTime=0x1d45805, ftLastAccessTime.dwLowDateTime=0xd4dff500, ftLastAccessTime.dwHighDateTime=0x1d465b5, ftLastWriteTime.dwLowDateTime=0x91185c30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10640)) returned 1 [0107.870] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YH18pEPew.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yh18pepew.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YH18pEPew.pptx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yh18pepew.pptx.blackhat")) returned 1 [0107.871] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\y OWQ5DY5.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y owq5dy5.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.871] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x2890 [0107.871] ReadFile (in: hFile=0x258, lpBuffer=0x21e4470, nNumberOfBytesToRead=0x2890, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x21e4470*, lpNumberOfBytesRead=0x29e7b8*=0x2890, lpOverlapped=0x0) returned 1 [0107.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\y OWQ5DY5.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y owq5dy5.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.881] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\y OWQ5DY5.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y owq5dy5.odt"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2af4da20, ftCreationTime.dwHighDateTime=0x1d46320, ftLastAccessTime.dwLowDateTime=0xdf6e7350, ftLastAccessTime.dwHighDateTime=0x1d45743, ftLastWriteTime.dwLowDateTime=0x911abd90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x28a0)) returned 1 [0107.881] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\y OWQ5DY5.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y owq5dy5.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\y OWQ5DY5.odt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y owq5dy5.odt.blackhat")) returned 1 [0107.884] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.884] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x192 [0107.885] ReadFile (in: hFile=0x258, lpBuffer=0x21fca60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x21fca60*, lpNumberOfBytesRead=0x29e7b8*=0x192, lpOverlapped=0x0) returned 1 [0107.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.889] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.889] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.889] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.889] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.889] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.889] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.889] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.889] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.889] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.889] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0 [0107.890] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 1 [0107.890] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 1 [0107.890] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 1 [0107.891] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0107.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\-2MV6FGAE4D1-PP.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\-2mv6fgae4d1-pp.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.891] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xf0a8 [0107.891] ReadFile (in: hFile=0x258, lpBuffer=0x2217a60, nNumberOfBytesToRead=0xf0a8, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x2217a60*, lpNumberOfBytesRead=0x29e708*=0xf0a8, lpOverlapped=0x0) returned 1 [0107.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\-2MV6FGAE4D1-PP.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\-2mv6fgae4d1-pp.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\-2MV6FGAE4D1-PP.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\-2mv6fgae4d1-pp.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2084bd0, ftCreationTime.dwHighDateTime=0x1d45d48, ftLastAccessTime.dwLowDateTime=0xe5a69380, ftLastAccessTime.dwHighDateTime=0x1d46001, ftLastWriteTime.dwLowDateTime=0x911d1ef0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xf0b0)) returned 1 [0107.897] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\-2MV6FGAE4D1-PP.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\-2mv6fgae4d1-pp.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\-2MV6FGAE4D1-PP.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\-2mv6fgae4d1-pp.mp3.blackhat")) returned 1 [0107.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\gTjhnqOy4Y6uQOLrgmIL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\gtjhnqoy4y6uqolrgmil.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.898] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xcac4 [0107.898] ReadFile (in: hFile=0x258, lpBuffer=0x22367c0, nNumberOfBytesToRead=0xcac4, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x22367c0*, lpNumberOfBytesRead=0x29e708*=0xcac4, lpOverlapped=0x0) returned 1 [0107.901] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\gTjhnqOy4Y6uQOLrgmIL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\gtjhnqoy4y6uqolrgmil.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\gTjhnqOy4Y6uQOLrgmIL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\gtjhnqoy4y6uqolrgmil.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd0af970, ftCreationTime.dwHighDateTime=0x1d45a7a, ftLastAccessTime.dwLowDateTime=0xc16a1960, ftLastAccessTime.dwHighDateTime=0x1d46434, ftLastWriteTime.dwLowDateTime=0x911f8050, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xcad0)) returned 1 [0107.904] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\gTjhnqOy4Y6uQOLrgmIL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\gtjhnqoy4y6uqolrgmil.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\gTjhnqOy4Y6uQOLrgmIL.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\gtjhnqoy4y6uqolrgmil.mp3.blackhat")) returned 1 [0107.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\uLNBnFOJLg4PZQute.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\ulnbnfojlg4pzqute.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.905] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xf433 [0107.905] ReadFile (in: hFile=0x258, lpBuffer=0x22509a0, nNumberOfBytesToRead=0xf433, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x22509a0*, lpNumberOfBytesRead=0x29e708*=0xf433, lpOverlapped=0x0) returned 1 [0107.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\uLNBnFOJLg4PZQute.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\ulnbnfojlg4pzqute.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.911] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\uLNBnFOJLg4PZQute.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\ulnbnfojlg4pzqute.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55ec62d0, ftCreationTime.dwHighDateTime=0x1d460d6, ftLastAccessTime.dwLowDateTime=0xa0c12e00, ftLastAccessTime.dwHighDateTime=0x1d45a08, ftLastWriteTime.dwLowDateTime=0x911f8050, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xf440)) returned 1 [0107.911] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\uLNBnFOJLg4PZQute.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\ulnbnfojlg4pzqute.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\uLNBnFOJLg4PZQute.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\ulnbnfojlg4pzqute.mp3.blackhat")) returned 1 [0107.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\Z fmR2eTtcFjruZNPelJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\z fmr2ettcfjruznpelj.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.911] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xe72 [0107.911] ReadFile (in: hFile=0x258, lpBuffer=0x2270ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x2270ce0*, lpNumberOfBytesRead=0x29e708*=0xe72, lpOverlapped=0x0) returned 1 [0107.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\Z fmR2eTtcFjruZNPelJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\z fmr2ettcfjruznpelj.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.914] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\Z fmR2eTtcFjruZNPelJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\z fmr2ettcfjruznpelj.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb99a8530, ftCreationTime.dwHighDateTime=0x1d45d77, ftLastAccessTime.dwLowDateTime=0x65e4a450, ftLastAccessTime.dwHighDateTime=0x1d4582e, ftLastWriteTime.dwLowDateTime=0x911f8050, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xe80)) returned 1 [0107.914] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\Z fmR2eTtcFjruZNPelJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\z fmr2ettcfjruznpelj.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\Z fmR2eTtcFjruZNPelJ.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\z fmr2ettcfjruznpelj.mp3.blackhat")) returned 1 [0107.916] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.916] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.917] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.917] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.917] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.917] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.917] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.917] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.917] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.917] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.917] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.917] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.917] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0107.918] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0107.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\GvKC\\i1XgX9TroNr_mjR3p.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\gvkc\\i1xgx9tronr_mjr3p.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.918] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x9425 [0107.918] ReadFile (in: hFile=0x258, lpBuffer=0x2299280, nNumberOfBytesToRead=0x9425, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x2299280*, lpNumberOfBytesRead=0x29e658*=0x9425, lpOverlapped=0x0) returned 1 [0107.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\GvKC\\i1XgX9TroNr_mjR3p.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\gvkc\\i1xgx9tronr_mjr3p.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.923] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\GvKC\\i1XgX9TroNr_mjR3p.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\gvkc\\i1xgx9tronr_mjr3p.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56103d70, ftCreationTime.dwHighDateTime=0x1d45cc3, ftLastAccessTime.dwLowDateTime=0xbeead880, ftLastAccessTime.dwHighDateTime=0x1d46337, ftLastWriteTime.dwLowDateTime=0x9121e1b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9430)) returned 1 [0107.924] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\GvKC\\i1XgX9TroNr_mjR3p.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\gvkc\\i1xgx9tronr_mjr3p.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w0zGj7\\GvKC\\i1XgX9TroNr_mjR3p.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w0zgj7\\gvkc\\i1xgx9tronr_mjr3p.mp3.blackhat")) returned 1 [0107.925] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.926] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.926] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.926] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.926] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.926] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.926] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.926] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.926] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0107.928] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0107.928] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0107.928] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0107.928] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 0 [0107.929] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0107.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ZFo3TKP_T3N4\\5htjrcrDH_aQIKa.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zfo3tkp_t3n4\\5htjrcrdh_aqika.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.929] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xb3ff [0107.929] ReadFile (in: hFile=0x258, lpBuffer=0x22fa758, nNumberOfBytesToRead=0xb3ff, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x22fa758*, lpNumberOfBytesRead=0x29e708*=0xb3ff, lpOverlapped=0x0) returned 1 [0107.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ZFo3TKP_T3N4\\5htjrcrDH_aQIKa.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zfo3tkp_t3n4\\5htjrcrdh_aqika.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.935] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ZFo3TKP_T3N4\\5htjrcrDH_aQIKa.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zfo3tkp_t3n4\\5htjrcrdh_aqika.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fbd7b00, ftCreationTime.dwHighDateTime=0x1d46607, ftLastAccessTime.dwLowDateTime=0x4b852bd0, ftLastAccessTime.dwHighDateTime=0x1d461c4, ftLastWriteTime.dwLowDateTime=0x91244310, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb400)) returned 1 [0107.935] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ZFo3TKP_T3N4\\5htjrcrDH_aQIKa.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zfo3tkp_t3n4\\5htjrcrdh_aqika.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ZFo3TKP_T3N4\\5htjrcrDH_aQIKa.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zfo3tkp_t3n4\\5htjrcrdh_aqika.mp3.blackhat")) returned 1 [0107.937] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.937] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.937] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.937] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.937] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.937] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0107.938] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0107.938] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FKAtl1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fkatl1.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.938] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x6900 [0107.938] ReadFile (in: hFile=0x258, lpBuffer=0x23357f8, nNumberOfBytesToRead=0x6900, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x23357f8*, lpNumberOfBytesRead=0x29e7b8*=0x6900, lpOverlapped=0x0) returned 1 [0107.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FKAtl1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fkatl1.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.942] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FKAtl1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fkatl1.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x550df510, ftCreationTime.dwHighDateTime=0x1d45954, ftLastAccessTime.dwLowDateTime=0x7648b240, ftLastAccessTime.dwHighDateTime=0x1d45c03, ftLastWriteTime.dwLowDateTime=0x91244310, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6910)) returned 1 [0107.942] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FKAtl1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fkatl1.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FKAtl1.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fkatl1.mp3.blackhat")) returned 1 [0107.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vV97l9lzxg2m6K.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vv97l9lzxg2m6k.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.943] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x69d6 [0107.943] ReadFile (in: hFile=0x258, lpBuffer=0x2343560, nNumberOfBytesToRead=0x69d6, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x2343560*, lpNumberOfBytesRead=0x29e7b8*=0x69d6, lpOverlapped=0x0) returned 1 [0107.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vV97l9lzxg2m6K.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vv97l9lzxg2m6k.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.946] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vV97l9lzxg2m6K.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vv97l9lzxg2m6k.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99cc2290, ftCreationTime.dwHighDateTime=0x1d45c23, ftLastAccessTime.dwLowDateTime=0x75a3ec90, ftLastAccessTime.dwHighDateTime=0x1d45e0d, ftLastWriteTime.dwLowDateTime=0x91244310, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x69e0)) returned 1 [0107.946] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vV97l9lzxg2m6K.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vv97l9lzxg2m6k.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vV97l9lzxg2m6K.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vv97l9lzxg2m6k.mp3.blackhat")) returned 1 [0107.947] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0107.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.947] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x1f8 [0107.947] ReadFile (in: hFile=0x258, lpBuffer=0x235bde8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x235bde8*, lpNumberOfBytesRead=0x29e7b8*=0x1f8, lpOverlapped=0x0) returned 1 [0107.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.951] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.951] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.951] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.951] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0107.951] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0 [0107.952] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0107.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0107.953] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x91 [0107.953] ReadFile (in: hFile=0x258, lpBuffer=0x23884d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x23884d8*, lpNumberOfBytesRead=0x29e708*=0x91, lpOverlapped=0x0) returned 1 [0107.954] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.956] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.956] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.956] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.956] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0107.956] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0107.960] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.960] FindNextFileW (in: hFindFile=0x1a95fe50, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0107.962] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x91 [0107.967] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x91 [0107.973] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x91 [0107.989] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xd8 [0108.193] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x192 [0108.198] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x11a [0108.219] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xd8 [0108.239] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x192 [0108.243] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xd66e [0108.249] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\2VxtV24zm0.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\2vxtv24zm0.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63f94c30, ftCreationTime.dwHighDateTime=0x1d45ba9, ftLastAccessTime.dwLowDateTime=0xacee1330, ftLastAccessTime.dwHighDateTime=0x1d462c5, ftLastWriteTime.dwLowDateTime=0x9153de90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd670)) returned 1 [0108.249] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\2VxtV24zm0.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\2vxtv24zm0.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\2VxtV24zm0.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\2vxtv24zm0.jpg.blackhat")) returned 1 [0108.250] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x14b07 [0108.257] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\6BrC-.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\6brc-.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab702c40, ftCreationTime.dwHighDateTime=0x1d459f2, ftLastAccessTime.dwLowDateTime=0x7e89a750, ftLastAccessTime.dwHighDateTime=0x1d45fca, ftLastWriteTime.dwLowDateTime=0x9153de90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x14b10)) returned 1 [0108.257] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\6BrC-.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\6brc-.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\6BrC-.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\6brc-.jpg.blackhat")) returned 1 [0108.257] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x3783 [0108.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\b9Gsq.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\b9gsq.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb483850, ftCreationTime.dwHighDateTime=0x1d463e5, ftLastAccessTime.dwLowDateTime=0x298471c0, ftLastAccessTime.dwHighDateTime=0x1d46503, ftLastWriteTime.dwLowDateTime=0x9153de90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3790)) returned 1 [0108.261] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\b9Gsq.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\b9gsq.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\b9Gsq.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\b9gsq.jpg.blackhat")) returned 1 [0108.262] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x167b2 [0108.269] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\yyj0_JFiIUWTXBCk6.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\yyj0_jfiiuwtxbck6.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8758f0, ftCreationTime.dwHighDateTime=0x1d456fd, ftLastAccessTime.dwLowDateTime=0x80320cf0, ftLastAccessTime.dwHighDateTime=0x1d45ca5, ftLastWriteTime.dwLowDateTime=0x91563ff0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x167c0)) returned 1 [0108.269] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\yyj0_JFiIUWTXBCk6.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\yyj0_jfiiuwtxbck6.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\yyj0_JFiIUWTXBCk6.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\yyj0_jfiiuwtxbck6.jpg.blackhat")) returned 1 [0108.270] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x10dec [0108.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\x2iq4XICZpk D808.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\x2iq4xiczpk d808.png"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf916ce0, ftCreationTime.dwHighDateTime=0x1d45933, ftLastAccessTime.dwLowDateTime=0x10973f80, ftLastAccessTime.dwHighDateTime=0x1d459b4, ftLastWriteTime.dwLowDateTime=0x91563ff0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10df0)) returned 1 [0108.276] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\x2iq4XICZpk D808.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\x2iq4xiczpk d808.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8NTidvOEMXsM3 N_\\x2iq4XICZpk D808.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8ntidvoemxsm3 n_\\x2iq4xiczpk d808.png.blackhat")) returned 1 [0108.279] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x178f9 [0108.289] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UDS8GLwtwz9hdtobXdla\\fCQ5qbAZofOaLfUx9.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uds8glwtwz9hdtobxdla\\fcq5qbazofoalfux9.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff623a40, ftCreationTime.dwHighDateTime=0x1d45d63, ftLastAccessTime.dwLowDateTime=0x7f17b0f0, ftLastAccessTime.dwHighDateTime=0x1d45ab0, ftLastWriteTime.dwLowDateTime=0x9158a150, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x17900)) returned 1 [0108.289] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UDS8GLwtwz9hdtobXdla\\fCQ5qbAZofOaLfUx9.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uds8glwtwz9hdtobxdla\\fcq5qbazofoalfux9.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UDS8GLwtwz9hdtobXdla\\fCQ5qbAZofOaLfUx9.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uds8glwtwz9hdtobxdla\\fcq5qbazofoalfux9.jpg.blackhat")) returned 1 [0108.290] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xfe4f [0108.296] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UDS8GLwtwz9hdtobXdla\\1a0wyFKTXd9V6C.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uds8glwtwz9hdtobxdla\\1a0wyfktxd9v6c.png"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x820971b0, ftCreationTime.dwHighDateTime=0x1d45897, ftLastAccessTime.dwLowDateTime=0x87ae0760, ftLastAccessTime.dwHighDateTime=0x1d45d16, ftLastWriteTime.dwLowDateTime=0x915b02b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xfe50)) returned 1 [0108.296] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UDS8GLwtwz9hdtobXdla\\1a0wyFKTXd9V6C.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uds8glwtwz9hdtobxdla\\1a0wyfktxd9v6c.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UDS8GLwtwz9hdtobXdla\\1a0wyFKTXd9V6C.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uds8glwtwz9hdtobxdla\\1a0wyfktxd9v6c.png.blackhat")) returned 1 [0108.297] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x77bd [0108.301] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UDS8GLwtwz9hdtobXdla\\jccB0GTXmCvr0T.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uds8glwtwz9hdtobxdla\\jccb0gtxmcvr0t.png"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5e75f10, ftCreationTime.dwHighDateTime=0x1d458ac, ftLastAccessTime.dwLowDateTime=0x434930e0, ftLastAccessTime.dwHighDateTime=0x1d458fc, ftLastWriteTime.dwLowDateTime=0x915b02b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x77c0)) returned 1 [0108.302] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UDS8GLwtwz9hdtobXdla\\jccB0GTXmCvr0T.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uds8glwtwz9hdtobxdla\\jccb0gtxmcvr0t.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UDS8GLwtwz9hdtobXdla\\jccB0GTXmCvr0T.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uds8glwtwz9hdtobxdla\\jccb0gtxmcvr0t.png.blackhat")) returned 1 [0108.305] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x1057b [0108.311] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\E UIU.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\e uiu.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3b61ff0, ftCreationTime.dwHighDateTime=0x1d46642, ftLastAccessTime.dwLowDateTime=0x61b5db40, ftLastAccessTime.dwHighDateTime=0x1d45cae, ftLastWriteTime.dwLowDateTime=0x915d6410, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10580)) returned 1 [0108.311] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\E UIU.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\e uiu.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\E UIU.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\e uiu.jpg.blackhat")) returned 1 [0108.313] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xfc91 [0108.322] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\n5aAyWEVTqMft-U_VCBk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\n5aaywevtqmft-u_vcbk.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2e41380, ftCreationTime.dwHighDateTime=0x1d45b04, ftLastAccessTime.dwLowDateTime=0x8b593e30, ftLastAccessTime.dwHighDateTime=0x1d464ef, ftLastWriteTime.dwLowDateTime=0x915d6410, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xfca0)) returned 1 [0108.322] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\n5aAyWEVTqMft-U_VCBk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\n5aaywevtqmft-u_vcbk.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\n5aAyWEVTqMft-U_VCBk.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\n5aaywevtqmft-u_vcbk.gif.blackhat")) returned 1 [0108.323] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x3c91 [0108.326] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Xo3H0stM0ds.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\xo3h0stm0ds.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3444380, ftCreationTime.dwHighDateTime=0x1d461b6, ftLastAccessTime.dwLowDateTime=0xf180060, ftLastAccessTime.dwHighDateTime=0x1d46466, ftLastWriteTime.dwLowDateTime=0x915fc570, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3ca0)) returned 1 [0108.326] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Xo3H0stM0ds.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\xo3h0stm0ds.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Xo3H0stM0ds.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\xo3h0stm0ds.gif.blackhat")) returned 1 [0108.327] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xbd93 [0108.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\VPwgVJ V6.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\vpwgvj v6.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ce490e0, ftCreationTime.dwHighDateTime=0x1d45719, ftLastAccessTime.dwLowDateTime=0xbc2047b0, ftLastAccessTime.dwHighDateTime=0x1d45af0, ftLastWriteTime.dwLowDateTime=0x915fc570, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xbda0)) returned 1 [0108.333] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\VPwgVJ V6.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\vpwgvj v6.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\VPwgVJ V6.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\vpwgvj v6.jpg.blackhat")) returned 1 [0108.334] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x10bc8 [0108.340] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\mwp19bN3v8nT3Zo3dB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\mwp19bn3v8nt3zo3db.png"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x170be9f0, ftCreationTime.dwHighDateTime=0x1d45631, ftLastAccessTime.dwLowDateTime=0x171b1450, ftLastAccessTime.dwHighDateTime=0x1d45d04, ftLastWriteTime.dwLowDateTime=0x915fc570, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10bd0)) returned 1 [0108.341] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\mwp19bN3v8nT3Zo3dB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\mwp19bn3v8nt3zo3db.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\mwp19bN3v8nT3Zo3dB.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\mwp19bn3v8nt3zo3db.png.blackhat")) returned 1 [0108.346] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x3a61 [0108.350] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\Lh 9CMcgdsa.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\lh 9cmcgdsa.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x274dfbc0, ftCreationTime.dwHighDateTime=0x1d45bd9, ftLastAccessTime.dwLowDateTime=0x63e39680, ftLastAccessTime.dwHighDateTime=0x1d459d6, ftLastWriteTime.dwLowDateTime=0x916226d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3a70)) returned 1 [0108.350] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\Lh 9CMcgdsa.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\lh 9cmcgdsa.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\Lh 9CMcgdsa.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\lh 9cmcgdsa.gif.blackhat")) returned 1 [0108.351] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x137e4 [0108.358] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\A6Bo\\Ycp3Y7Jtc2F-hCHlmjp.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\a6bo\\ycp3y7jtc2f-hchlmjp.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa73aa990, ftCreationTime.dwHighDateTime=0x1d45f7c, ftLastAccessTime.dwLowDateTime=0x35b61020, ftLastAccessTime.dwHighDateTime=0x1d459af, ftLastWriteTime.dwLowDateTime=0x91648830, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x137f0)) returned 1 [0108.358] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\A6Bo\\Ycp3Y7Jtc2F-hCHlmjp.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\a6bo\\ycp3y7jtc2f-hchlmjp.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\A6Bo\\Ycp3Y7Jtc2F-hCHlmjp.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\a6bo\\ycp3y7jtc2f-hchlmjp.jpg.blackhat")) returned 1 [0108.359] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x89cd [0108.364] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\A6Bo\\ZIg1KxOR2EeBsVBPX.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\a6bo\\zig1kxor2eebsvbpx.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4cafe70, ftCreationTime.dwHighDateTime=0x1d45f2e, ftLastAccessTime.dwLowDateTime=0x6b43fea0, ftLastAccessTime.dwHighDateTime=0x1d46116, ftLastWriteTime.dwLowDateTime=0x91648830, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x89d0)) returned 1 [0108.364] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\A6Bo\\ZIg1KxOR2EeBsVBPX.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\a6bo\\zig1kxor2eebsvbpx.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\acl-DpKaW 5fpZHwidq\\A6Bo\\ZIg1KxOR2EeBsVBPX.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\acl-dpkaw 5fpzhwidq\\a6bo\\zig1kxor2eebsvbpx.jpg.blackhat")) returned 1 [0108.366] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x678b [0108.371] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\JjU2X5DIuc7bpgi9dC.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\jju2x5diuc7bpgi9dc.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83713950, ftCreationTime.dwHighDateTime=0x1d461fe, ftLastAccessTime.dwLowDateTime=0xffc94de0, ftLastAccessTime.dwHighDateTime=0x1d45e7e, ftLastWriteTime.dwLowDateTime=0x91648830, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6790)) returned 1 [0108.371] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\JjU2X5DIuc7bpgi9dC.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\jju2x5diuc7bpgi9dc.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\JjU2X5DIuc7bpgi9dC.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\jju2x5diuc7bpgi9dc.jpg.blackhat")) returned 1 [0108.371] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x50b3 [0108.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\rrfdhHTBH.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\rrfdhhtbh.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6bc194b0, ftCreationTime.dwHighDateTime=0x1d45963, ftLastAccessTime.dwLowDateTime=0x1f6b050, ftLastAccessTime.dwHighDateTime=0x1d46481, ftLastWriteTime.dwLowDateTime=0x9166e990, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x50c0)) returned 1 [0108.375] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\rrfdhHTBH.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\rrfdhhtbh.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\rrfdhHTBH.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\rrfdhhtbh.jpg.blackhat")) returned 1 [0108.376] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x11756 [0108.383] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\oROFcQ98mz_JRa1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\orofcq98mz_jra1.png"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc3f4e40, ftCreationTime.dwHighDateTime=0x1d465fb, ftLastAccessTime.dwLowDateTime=0x80e7cba0, ftLastAccessTime.dwHighDateTime=0x1d45be5, ftLastWriteTime.dwLowDateTime=0x9166e990, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x11760)) returned 1 [0108.383] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\oROFcQ98mz_JRa1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\orofcq98mz_jra1.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\oROFcQ98mz_JRa1.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\orofcq98mz_jra1.png.blackhat")) returned 1 [0108.383] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xc6e [0108.386] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\QCvY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\qcvy.png"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b2e2c80, ftCreationTime.dwHighDateTime=0x1d46648, ftLastAccessTime.dwLowDateTime=0xe0e25760, ftLastAccessTime.dwHighDateTime=0x1d46143, ftLastWriteTime.dwLowDateTime=0x9166e990, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xc70)) returned 1 [0108.387] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\QCvY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\qcvy.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xEh-oxAfvWyU\\Z7CUv9GKgYKFuMe92i2\\QCvY.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xeh-oxafvwyu\\z7cuv9gkgykfume92i2\\qcvy.png.blackhat")) returned 1 [0108.550] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x7d52 [0108.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\V5C3bQhDkzh_Xq_mz.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\v5c3bqhdkzh_xq_mz.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c7db20, ftCreationTime.dwHighDateTime=0x1d45be3, ftLastAccessTime.dwLowDateTime=0xae53bf70, ftLastAccessTime.dwHighDateTime=0x1d460dd, ftLastWriteTime.dwLowDateTime=0x918118b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7d60)) returned 1 [0108.554] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\V5C3bQhDkzh_Xq_mz.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\v5c3bqhdkzh_xq_mz.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\V5C3bQhDkzh_Xq_mz.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\v5c3bqhdkzh_xq_mz.jpg.blackhat")) returned 1 [0108.554] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x14560 [0108.560] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\SkPlg3VJKRam.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\skplg3vjkram.png"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38448030, ftCreationTime.dwHighDateTime=0x1d459d0, ftLastAccessTime.dwLowDateTime=0x5dfa7970, ftLastAccessTime.dwHighDateTime=0x1d45e39, ftLastWriteTime.dwLowDateTime=0x91837a10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x14570)) returned 1 [0108.560] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\SkPlg3VJKRam.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\skplg3vjkram.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\SkPlg3VJKRam.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\skplg3vjkram.png.blackhat")) returned 1 [0108.560] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x15843 [0108.566] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\zk5XXIV0GQFk91m.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\zk5xxiv0gqfk91m.png"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44f59ed0, ftCreationTime.dwHighDateTime=0x1d462b4, ftLastAccessTime.dwLowDateTime=0xc0d995c0, ftLastAccessTime.dwHighDateTime=0x1d464cf, ftLastWriteTime.dwLowDateTime=0x91837a10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x15850)) returned 1 [0108.566] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\zk5XXIV0GQFk91m.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\zk5xxiv0gqfk91m.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\zk5XXIV0GQFk91m.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\zk5xxiv0gqfk91m.png.blackhat")) returned 1 [0108.568] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x132c1 [0108.574] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\afntu1ySUzeveO.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\afntu1ysuzeveo.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b6c5a30, ftCreationTime.dwHighDateTime=0x1d45807, ftLastAccessTime.dwLowDateTime=0x80bd97c0, ftLastAccessTime.dwHighDateTime=0x1d45d2c, ftLastWriteTime.dwLowDateTime=0x91837a10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x132d0)) returned 1 [0108.574] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\afntu1ySUzeveO.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\afntu1ysuzeveo.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\xsNByB5Krrm8B2\\afntu1ySUzeveO.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xsnbyb5krrm8b2\\afntu1ysuzeveo.gif.blackhat")) returned 1 [0108.575] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x17143 [0108.581] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ktdxpOJo.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ktdxpojo.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa736930, ftCreationTime.dwHighDateTime=0x1d464db, ftLastAccessTime.dwLowDateTime=0x408fc6a0, ftLastAccessTime.dwHighDateTime=0x1d46678, ftLastWriteTime.dwLowDateTime=0x9185db70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x17150)) returned 1 [0108.581] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ktdxpOJo.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ktdxpojo.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ktdxpOJo.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ktdxpojo.jpg.blackhat")) returned 1 [0108.582] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x142dd [0108.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vxYh3Ayo0sM10H.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vxyh3ayo0sm10h.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a75be40, ftCreationTime.dwHighDateTime=0x1d46106, ftLastAccessTime.dwLowDateTime=0xae3f98f0, ftLastAccessTime.dwHighDateTime=0x1d46192, ftLastWriteTime.dwLowDateTime=0x9185db70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x142e0)) returned 1 [0108.587] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vxYh3Ayo0sM10H.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vxyh3ayo0sm10h.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vxYh3Ayo0sM10H.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vxyh3ayo0sm10h.jpg.blackhat")) returned 1 [0108.588] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x19b0 [0108.714] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\zL1RvwUf_Ly.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zl1rvwuf_ly.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd020b7a0, ftCreationTime.dwHighDateTime=0x1d457b1, ftLastAccessTime.dwLowDateTime=0x109addf0, ftLastAccessTime.dwHighDateTime=0x1d45880, ftLastWriteTime.dwLowDateTime=0x9198e670, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x19c0)) returned 1 [0108.714] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\zL1RvwUf_Ly.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zl1rvwuf_ly.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\zL1RvwUf_Ly.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zl1rvwuf_ly.jpg.blackhat")) returned 1 [0108.715] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x18773 [0108.720] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7lhUWXy1p02Fqs.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7lhuwxy1p02fqs.png"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadbfc530, ftCreationTime.dwHighDateTime=0x1d45e5e, ftLastAccessTime.dwLowDateTime=0x65f234d0, ftLastAccessTime.dwHighDateTime=0x1d45e00, ftLastWriteTime.dwLowDateTime=0x919b47d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18780)) returned 1 [0108.721] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7lhUWXy1p02Fqs.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7lhuwxy1p02fqs.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7lhUWXy1p02Fqs.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7lhuwxy1p02fqs.png.blackhat")) returned 1 [0108.721] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xaf40 [0108.725] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\OOIO0.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ooio0.png"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd6523d0, ftCreationTime.dwHighDateTime=0x1d463f0, ftLastAccessTime.dwLowDateTime=0x55a8a9f0, ftLastAccessTime.dwHighDateTime=0x1d45abe, ftLastWriteTime.dwLowDateTime=0x919b47d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xaf50)) returned 1 [0108.725] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\OOIO0.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ooio0.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\OOIO0.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ooio0.png.blackhat")) returned 1 [0108.726] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x1f8 [0108.729] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x8ba4 [0108.733] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\KAWKBvQhv-9CkSRB483q.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\kawkbvqhv-9cksrb483q.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab192640, ftCreationTime.dwHighDateTime=0x1d45f0e, ftLastAccessTime.dwLowDateTime=0x373ff970, ftLastAccessTime.dwHighDateTime=0x1d4628c, ftLastWriteTime.dwLowDateTime=0x919da930, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x8bb0)) returned 1 [0108.733] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\KAWKBvQhv-9CkSRB483q.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\kawkbvqhv-9cksrb483q.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\KAWKBvQhv-9CkSRB483q.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\kawkbvqhv-9cksrb483q.gif.blackhat")) returned 1 [0108.738] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xc2c7 [0108.742] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\0QxKexPVWuEDl.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\0qxkexpvwuedl.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3ef2690, ftCreationTime.dwHighDateTime=0x1d4661c, ftLastAccessTime.dwLowDateTime=0x28a0c2b0, ftLastAccessTime.dwHighDateTime=0x1d456c4, ftLastWriteTime.dwLowDateTime=0x919da930, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xc2d0)) returned 1 [0108.742] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\0QxKexPVWuEDl.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\0qxkexpvwuedl.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\0QxKexPVWuEDl.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\0qxkexpvwuedl.mp4.blackhat")) returned 1 [0108.743] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x1639a [0108.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\2nWMdFZe6FgJfrfMjg.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\2nwmdfze6fgjfrfmjg.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b700620, ftCreationTime.dwHighDateTime=0x1d45777, ftLastAccessTime.dwLowDateTime=0x5ae433e0, ftLastAccessTime.dwHighDateTime=0x1d45806, ftLastWriteTime.dwLowDateTime=0x91a00a90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x163a0)) returned 1 [0108.749] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\2nWMdFZe6FgJfrfMjg.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\2nwmdfze6fgjfrfmjg.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\2nWMdFZe6FgJfrfMjg.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\2nwmdfze6fgjfrfmjg.mp4.blackhat")) returned 1 [0108.750] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x1239c [0108.756] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\BN0C7rid1wk1Ic D.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\bn0c7rid1wk1ic d.avi"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8d7a740, ftCreationTime.dwHighDateTime=0x1d45a65, ftLastAccessTime.dwLowDateTime=0x9b0eb7b0, ftLastAccessTime.dwHighDateTime=0x1d45991, ftLastWriteTime.dwLowDateTime=0x91a00a90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x123a0)) returned 1 [0108.756] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\BN0C7rid1wk1Ic D.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\bn0c7rid1wk1ic d.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\BN0C7rid1wk1Ic D.avi.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\bn0c7rid1wk1ic d.avi.blackhat")) returned 1 [0108.757] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x1d2a [0108.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\BFD0nDfVED86T_ULhs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\bfd0ndfved86t_ulhs.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x777f9090, ftCreationTime.dwHighDateTime=0x1d45df0, ftLastAccessTime.dwLowDateTime=0x8a0c95e0, ftLastAccessTime.dwHighDateTime=0x1d45e8c, ftLastWriteTime.dwLowDateTime=0x91a00a90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1d30)) returned 1 [0108.759] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\BFD0nDfVED86T_ULhs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\bfd0ndfved86t_ulhs.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\BFD0nDfVED86T_ULhs.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\bfd0ndfved86t_ulhs.mkv.blackhat")) returned 1 [0108.760] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xdb6 [0108.802] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\myyS1vW7I04KVf1CY.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\myys1vw7i04kvf1cy.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a8319a0, ftCreationTime.dwHighDateTime=0x1d46613, ftLastAccessTime.dwLowDateTime=0x4a55f660, ftLastAccessTime.dwHighDateTime=0x1d4565a, ftLastWriteTime.dwLowDateTime=0x91a72eb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xdc0)) returned 1 [0108.802] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\myyS1vW7I04KVf1CY.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\myys1vw7i04kvf1cy.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\myyS1vW7I04KVf1CY.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\myys1vw7i04kvf1cy.mkv.blackhat")) returned 1 [0108.802] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x146e3 [0108.808] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\TiihY9hIrj6mmVaCc.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\tiihy9hirj6mmvacc.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e820 | out: lpFileInformation=0x29e820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda79b0c0, ftCreationTime.dwHighDateTime=0x1d4644b, ftLastAccessTime.dwLowDateTime=0x6251ce60, ftLastAccessTime.dwHighDateTime=0x1d460e6, ftLastWriteTime.dwLowDateTime=0x91a72eb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x146f0)) returned 1 [0108.808] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\TiihY9hIrj6mmVaCc.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\tiihy9hirj6mmvacc.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\TiihY9hIrj6mmVaCc.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\tiihy9hirj6mmvacc.mkv.blackhat")) returned 1 [0108.811] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x17a24 [0108.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\6Y2AP_NR_i-.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\6y2ap_nr_i-.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb39cb780, ftCreationTime.dwHighDateTime=0x1d45dd0, ftLastAccessTime.dwLowDateTime=0x43a0f7e0, ftLastAccessTime.dwHighDateTime=0x1d46670, ftLastWriteTime.dwLowDateTime=0x91a99010, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x17a30)) returned 1 [0108.817] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\6Y2AP_NR_i-.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\6y2ap_nr_i-.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\6Y2AP_NR_i-.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\6y2ap_nr_i-.mp4.blackhat")) returned 1 [0108.817] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xf607 [0108.822] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\cDxDBdRug.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\cdxdbdrug.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x831e49e0, ftCreationTime.dwHighDateTime=0x1d45a54, ftLastAccessTime.dwLowDateTime=0xa1db1f0, ftLastAccessTime.dwHighDateTime=0x1d4613b, ftLastWriteTime.dwLowDateTime=0x91a99010, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xf610)) returned 1 [0108.822] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\cDxDBdRug.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\cdxdbdrug.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\cDxDBdRug.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\cdxdbdrug.mp4.blackhat")) returned 1 [0108.823] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x1185b [0108.828] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\x UidggNMMghN8-HQ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\x uidggnmmghn8-hq.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10db1b80, ftCreationTime.dwHighDateTime=0x1d457e1, ftLastAccessTime.dwLowDateTime=0xa08be130, ftLastAccessTime.dwHighDateTime=0x1d46450, ftLastWriteTime.dwLowDateTime=0x91abf170, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x11860)) returned 1 [0108.828] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\x UidggNMMghN8-HQ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\x uidggnmmghn8-hq.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\x UidggNMMghN8-HQ.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\x uidggnmmghn8-hq.mkv.blackhat")) returned 1 [0108.830] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x18ac6 [0108.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\pbQetNKgY3ZjcWUYbqfg.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\pbqetnkgy3zjcwuybqfg.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0afc150, ftCreationTime.dwHighDateTime=0x1d4661b, ftLastAccessTime.dwLowDateTime=0x78dd2d40, ftLastAccessTime.dwHighDateTime=0x1d4613c, ftLastWriteTime.dwLowDateTime=0x91abf170, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18ad0)) returned 1 [0108.836] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\pbQetNKgY3ZjcWUYbqfg.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\pbqetnkgy3zjcwuybqfg.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\pbQetNKgY3ZjcWUYbqfg.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\pbqetnkgy3zjcwuybqfg.mp4.blackhat")) returned 1 [0108.837] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x15a03 [0108.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\NJf4QF.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\njf4qf.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe23df10, ftCreationTime.dwHighDateTime=0x1d464e4, ftLastAccessTime.dwLowDateTime=0x85a5d310, ftLastAccessTime.dwHighDateTime=0x1d46560, ftLastWriteTime.dwLowDateTime=0x91ae52d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x15a10)) returned 1 [0108.851] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\NJf4QF.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\njf4qf.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\NJf4QF.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\njf4qf.mkv.blackhat")) returned 1 [0108.852] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x6d21 [0108.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\s98fyzWcA8HyPfay3y1P.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\s98fyzwca8hypfay3y1p.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8f24d0, ftCreationTime.dwHighDateTime=0x1d4623e, ftLastAccessTime.dwLowDateTime=0xb0d554b0, ftLastAccessTime.dwHighDateTime=0x1d46363, ftLastWriteTime.dwLowDateTime=0x91b0b430, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6d30)) returned 1 [0108.857] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\s98fyzWcA8HyPfay3y1P.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\s98fyzwca8hypfay3y1p.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\s98fyzWcA8HyPfay3y1P.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\s98fyzwca8hypfay3y1p.mkv.blackhat")) returned 1 [0108.858] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x168d7 [0108.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\tk0xoL.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\tk0xol.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e2e0ca0, ftCreationTime.dwHighDateTime=0x1d45f98, ftLastAccessTime.dwLowDateTime=0x9e6234a0, ftLastAccessTime.dwHighDateTime=0x1d45ba3, ftLastWriteTime.dwLowDateTime=0x91b0b430, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x168e0)) returned 1 [0108.866] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\tk0xoL.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\tk0xol.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\1O0_UNXpWhB_5sU17aHW\\tk0xoL.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\1o0_unxpwhb_5su17ahw\\tk0xol.mkv.blackhat")) returned 1 [0108.868] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x4bb6 [0108.871] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\3YN_CZT0O\\f9IYH.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\3yn_czt0o\\f9iyh.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8dc0bd0, ftCreationTime.dwHighDateTime=0x1d45e42, ftLastAccessTime.dwLowDateTime=0x8dad36f0, ftLastAccessTime.dwHighDateTime=0x1d46026, ftLastWriteTime.dwLowDateTime=0x91b31590, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x4bc0)) returned 1 [0108.871] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\3YN_CZT0O\\f9IYH.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\3yn_czt0o\\f9iyh.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\3YN_CZT0O\\f9IYH.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\3yn_czt0o\\f9iyh.mp4.blackhat")) returned 1 [0108.872] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x7a70 [0108.875] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\3YN_CZT0O\\MLvw4mqRtz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\3yn_czt0o\\mlvw4mqrtz.avi"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37632c0, ftCreationTime.dwHighDateTime=0x1d457fc, ftLastAccessTime.dwLowDateTime=0xaca5f430, ftLastAccessTime.dwHighDateTime=0x1d46516, ftLastWriteTime.dwLowDateTime=0x91b31590, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7a80)) returned 1 [0108.875] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\3YN_CZT0O\\MLvw4mqRtz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\3yn_czt0o\\mlvw4mqrtz.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\3YN_CZT0O\\MLvw4mqRtz.avi.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\3yn_czt0o\\mlvw4mqrtz.avi.blackhat")) returned 1 [0108.876] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x988d [0108.880] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\3YN_CZT0O\\-U-BcVuqg.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\3yn_czt0o\\-u-bcvuqg.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b712ed0, ftCreationTime.dwHighDateTime=0x1d46433, ftLastAccessTime.dwLowDateTime=0x42824df0, ftLastAccessTime.dwHighDateTime=0x1d45879, ftLastWriteTime.dwLowDateTime=0x91b31590, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9890)) returned 1 [0108.880] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\3YN_CZT0O\\-U-BcVuqg.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\3yn_czt0o\\-u-bcvuqg.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\3YN_CZT0O\\-U-BcVuqg.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\3yn_czt0o\\-u-bcvuqg.mkv.blackhat")) returned 1 [0108.882] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xe245 [0108.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\_wpFDzC4c\\91vuHJ 9ySFBBd.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\_wpfdzc4c\\91vuhj 9ysfbbd.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6acf23f0, ftCreationTime.dwHighDateTime=0x1d4572a, ftLastAccessTime.dwLowDateTime=0xcb554c50, ftLastAccessTime.dwHighDateTime=0x1d459b3, ftLastWriteTime.dwLowDateTime=0x91b576f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xe250)) returned 1 [0108.888] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\_wpFDzC4c\\91vuHJ 9ySFBBd.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\_wpfdzc4c\\91vuhj 9ysfbbd.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\_wpFDzC4c\\91vuHJ 9ySFBBd.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\_wpfdzc4c\\91vuhj 9ysfbbd.mp4.blackhat")) returned 1 [0108.888] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xe4c5 [0108.892] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\_wpFDzC4c\\1haWBOfE1YVpZe8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\_wpfdzc4c\\1hawbofe1yvpze8.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73f9e130, ftCreationTime.dwHighDateTime=0x1d457da, ftLastAccessTime.dwLowDateTime=0x4ed7a030, ftLastAccessTime.dwHighDateTime=0x1d45655, ftLastWriteTime.dwLowDateTime=0x91b576f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xe4d0)) returned 1 [0108.893] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\_wpFDzC4c\\1haWBOfE1YVpZe8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\_wpfdzc4c\\1hawbofe1yvpze8.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hrtjCD\\F_LulY8W\\_wpFDzC4c\\1haWBOfE1YVpZe8.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hrtjcd\\f_luly8w\\_wpfdzc4c\\1hawbofe1yvpze8.mkv.blackhat")) returned 1 [0108.897] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x1f8 [0108.900] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x9f72 [0108.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\l7p6LVZRdFFPrRS0.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\l7p6lvzrdffprrs0.avi"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10178de0, ftCreationTime.dwHighDateTime=0x1d45fb7, ftLastAccessTime.dwLowDateTime=0x90e471f0, ftLastAccessTime.dwHighDateTime=0x1d464ac, ftLastWriteTime.dwLowDateTime=0x91b7d850, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9f80)) returned 1 [0108.904] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\l7p6LVZRdFFPrRS0.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\l7p6lvzrdffprrs0.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\l7p6LVZRdFFPrRS0.avi.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\l7p6lvzrdffprrs0.avi.blackhat")) returned 1 [0108.905] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x12b5b [0108.909] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\2712.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\2712.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24fa8a60, ftCreationTime.dwHighDateTime=0x1d46001, ftLastAccessTime.dwLowDateTime=0x3c4ec5c0, ftLastAccessTime.dwHighDateTime=0x1d45a3c, ftLastWriteTime.dwLowDateTime=0x91b7d850, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x12b60)) returned 1 [0108.909] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\2712.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\2712.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\2712.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\2712.mkv.blackhat")) returned 1 [0108.910] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x15eca [0108.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\yQ-1dHssrB2.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yq-1dhssrb2.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e8d0 | out: lpFileInformation=0x29e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd567970, ftCreationTime.dwHighDateTime=0x1d45ef0, ftLastAccessTime.dwLowDateTime=0x98b7c2f0, ftLastAccessTime.dwHighDateTime=0x1d46453, ftLastWriteTime.dwLowDateTime=0x91b7d850, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x15ed0)) returned 1 [0108.916] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\yQ-1dHssrB2.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yq-1dhssrb2.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\yQ-1dHssrB2.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yq-1dhssrb2.mkv.blackhat")) returned 1 [0108.923] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x1f8 [0109.189] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x113f58 [0109.316] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), fInfoLevelId=0x0, lpFileInformation=0x29e400 | out: lpFileInformation=0x29e400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x91f5bc10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x113f60)) returned 1 [0109.316] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe.blackhat")) returned 1 [0109.349] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x3c50 [0109.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), fInfoLevelId=0x0, lpFileInformation=0x29e400 | out: lpFileInformation=0x29e400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x92040450, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3c60)) returned 1 [0109.410] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.blackhat")) returned 1 [0109.410] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x113f60 [0109.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), fInfoLevelId=0x0, lpFileInformation=0x29e400 | out: lpFileInformation=0x29e400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x920d89d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x113f70)) returned 1 [0109.471] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe.blackhat")) returned 1 [0109.839] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x0 [0109.840] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0x29e400 | out: lpFileInformation=0x29e400*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9246aad0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0109.840] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log.blackhat")) returned 1 [0109.905] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x156 [0109.908] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0x29e400 | out: lpFileInformation=0x29e400*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x92503050, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x160)) returned 1 [0109.908] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log.blackhat")) returned 1 [0110.015] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x4ad [0110.030] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0x29e400 | out: lpFileInformation=0x29e400*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x92633b50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x4b0)) returned 1 [0110.030] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log.blackhat")) returned 1 [0110.188] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0xd2c [0110.204] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x927d6a70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd30)) returned 1 [0110.204] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.blackhat")) returned 1 [0110.205] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0xa0 [0110.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x927d6a70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb0)) returned 1 [0110.208] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.blackhat")) returned 1 [0110.210] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x5c [0110.213] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x927fcbd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x60)) returned 1 [0110.213] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.blackhat")) returned 1 [0110.645] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0xc8d [0110.649] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x92c27250, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xc90)) returned 1 [0110.649] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.blackhat")) returned 1 [0110.651] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x8f [0110.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x92c27250, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x90)) returned 1 [0110.654] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.blackhat")) returned 1 [0110.655] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x5c [0110.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x92c27250, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x60)) returned 1 [0110.658] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.blackhat")) returned 1 [0110.997] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x1a33 [0111.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x92f931f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a40)) returned 1 [0111.023] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.blackhat")) returned 1 [0111.336] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0xd4e [0111.378] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x932ff190, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd50)) returned 1 [0111.378] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.blackhat")) returned 1 [0111.694] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0xd47 [0111.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84234950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93644fd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd50)) returned 1 [0111.719] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.blackhat")) returned 1 [0111.720] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x9d [0111.723] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84239770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93644fd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa0)) returned 1 [0111.723] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.blackhat")) returned 1 [0111.724] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x5c [0111.727] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8423be80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8423e590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9366b130, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x60)) returned 1 [0111.727] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.blackhat")) returned 1 [0111.978] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x1378 [0111.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x938f2890, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1380)) returned 1 [0111.995] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.blackhat")) returned 1 [0112.541] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0x32a [0112.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a0bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93ebfe30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x330)) returned 1 [0112.608] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.blackhat")) returned 1 [0112.630] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0x1109 [0112.634] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828af610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93f0c0f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1110)) returned 1 [0112.634] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.blackhat")) returned 1 [0112.638] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0x22c [0112.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828c7cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93f0c0f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x230)) returned 1 [0112.641] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.blackhat")) returned 1 [0112.642] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0xa0 [0112.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ccad0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ccad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93f0c0f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb0)) returned 1 [0112.646] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.blackhat")) returned 1 [0112.646] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0xfc [0112.650] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828cf1e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d18f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93f32250, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x100)) returned 1 [0112.650] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.blackhat")) returned 1 [0112.651] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0xa0 [0112.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d6710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d6710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93f32250, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb0)) returned 1 [0112.654] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.blackhat")) returned 1 [0112.655] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0xa6 [0112.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d8e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d8e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93f32250, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb0)) returned 1 [0112.659] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.blackhat")) returned 1 [0112.660] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0xa0 [0112.663] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ddc40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ddc40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93f583b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb0)) returned 1 [0112.663] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.blackhat")) returned 1 [0112.666] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0x112dc [0112.677] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a80e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828aa7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93f583b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x112e0)) returned 1 [0112.677] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.blackhat")) returned 1 [0112.950] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x180f [0113.047] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x942ea4b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1810)) returned 1 [0113.047] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.blackhat")) returned 1 [0113.298] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x111e1 [0113.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8364db50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8364db50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9481f4d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x111f0)) returned 1 [0113.587] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.blackhat")) returned 1 [0113.589] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x38a8 [0113.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836a0b70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836a0b70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94845630, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x38b0)) returned 1 [0113.608] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.blackhat")) returned 1 [0113.728] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0x1bef [0113.788] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83674c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83674c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94a0e6b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1bf0)) returned 1 [0113.788] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.blackhat")) returned 1 [0113.789] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0x3b [0113.792] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83679a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83679a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94a0e6b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x40)) returned 1 [0113.792] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.blackhat")) returned 1 [0113.792] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0x828 [0113.860] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8367c180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8367c180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94aa6c30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x830)) returned 1 [0113.860] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.blackhat")) returned 1 [0113.862] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0x3b [0113.865] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83685dc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83685dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94accd90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x40)) returned 1 [0113.865] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.blackhat")) returned 1 [0113.866] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0x3b [0113.869] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836884d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368abe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94accd90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x40)) returned 1 [0113.869] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.blackhat")) returned 1 [0113.873] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e1a8 | out: lpFileSizeHigh=0x29e1a8*=0x0) returned 0x174c [0113.924] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), fInfoLevelId=0x0, lpFileInformation=0x29e1f0 | out: lpFileInformation=0x29e1f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8368fa00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368fa00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94b3f1b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1750)) returned 1 [0113.925] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.blackhat")) returned 1 [0114.259] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x0 [0114.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86513570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94e84ff0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0114.260] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.blackhat")) returned 1 [0114.440] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x0 [0114.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8448d2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9504e070, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0114.442] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.blackhat")) returned 1 [0114.636] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.638] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.639] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.640] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.640] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.657] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.658] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.659] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.659] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.660] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.664] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.665] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.665] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.666] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.667] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.671] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.672] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.672] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.673] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.674] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.678] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.678] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.679] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.680] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.681] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.684] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.685] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.686] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.687] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.688] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.691] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.692] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.693] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.694] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.694] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.698] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.699] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.700] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.700] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.701] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.705] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.706] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.707] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.707] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.708] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.712] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.713] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.713] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.714] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.715] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.718] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.719] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.720] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.723] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.724] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.728] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.729] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.729] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.730] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.731] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.734] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.735] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.736] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.737] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.738] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.741] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.742] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.743] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.744] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.744] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.749] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.750] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.750] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.751] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.752] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.756] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.757] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.757] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.758] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.759] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.763] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.764] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.764] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.765] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.766] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.770] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.771] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.772] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.772] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.773] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.776] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.777] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.778] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.779] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.780] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.783] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.784] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.785] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.786] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.787] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.791] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.792] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.792] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.793] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.794] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.798] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.799] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.800] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.801] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.802] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.806] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.807] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.807] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.808] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.809] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.813] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.814] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.818] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.818] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.819] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.822] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.822] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.823] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.823] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.824] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.827] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.828] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.828] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.829] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.829] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.833] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.833] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.834] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.835] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.835] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.838] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.839] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.840] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.840] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.841] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.844] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.845] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.846] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.847] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.847] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.851] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.852] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.852] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.853] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.854] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.857] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.858] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.858] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.859] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.860] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.864] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.865] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.865] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.866] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.867] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.871] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.871] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.872] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.873] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.874] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.877] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.878] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.879] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.879] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.880] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.884] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.884] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.885] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.886] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.886] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.890] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.890] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.891] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.892] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.893] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.896] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.897] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.898] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.898] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.899] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.903] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.904] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.904] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.905] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.906] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.919] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.920] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.920] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.921] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.922] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.925] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.926] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.927] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.927] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.928] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.931] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.932] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.933] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.934] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.934] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.938] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.939] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.939] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.940] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.941] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.944] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.945] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.946] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.947] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.947] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.951] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.951] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.952] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.953] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.953] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.958] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.959] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.959] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.960] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.961] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.964] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.965] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.966] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.966] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.967] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.971] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.971] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.972] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.973] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.974] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.977] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.978] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.978] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.979] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.980] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.983] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.984] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.985] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.985] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.986] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.990] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.990] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29e020, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0114.991] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dff0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0114.992] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29dfc0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0115.180] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x43 [0115.186] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x43 [0115.192] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x43 [0115.197] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x43 [0115.206] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x43 [0115.238] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x2fb0 [0115.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9580a7f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2fc0)) returned 1 [0115.255] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt.blackhat")) returned 1 [0115.257] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x2fa9 [0115.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9580a7f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2fb0)) returned 1 [0115.260] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak.blackhat")) returned 1 [0115.266] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xd [0115.269] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x95830950, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0115.269] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml.blackhat")) returned 1 [0115.754] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x7ef [0115.780] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bd15230, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x95cf3550, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7f0)) returned 1 [0115.780] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml.blackhat")) returned 1 [0115.813] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x0 [0115.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa734ff0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xa734ff0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x95d65970, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0115.815] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log.blackhat")) returned 1 [0115.828] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xae [0115.835] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xae [0115.842] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xae [0115.855] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x91 [0115.858] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x91 [0115.866] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x91 [0115.871] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x91 [0115.879] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x43 [0115.883] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0115.960] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0116.043] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0116.119] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0116.216] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0116.227] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0116.236] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0116.266] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xbb [0116.269] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5ddbc1a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5ddbc1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x961b6150, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xc0)) returned 1 [0116.269] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt.blackhat")) returned 1 [0116.270] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x66 [0116.305] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x551dcf90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x551dcf90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96202410, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70)) returned 1 [0116.305] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt.blackhat")) returned 1 [0116.307] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x333f [0116.327] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6421e580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6421e580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96228570, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3340)) returned 1 [0116.327] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg.blackhat")) returned 1 [0116.328] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x90b [0116.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96274830, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x910)) returned 1 [0116.348] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg.blackhat")) returned 1 [0116.349] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x994 [0116.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53630fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53630fd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96274830, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9a0)) returned 1 [0116.352] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg.blackhat")) returned 1 [0116.353] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x28b9 [0116.364] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53467f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53467f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9629a990, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x28c0)) returned 1 [0116.364] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg.blackhat")) returned 1 [0116.365] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x176d [0116.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b65ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b65ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x962e6c50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1770)) returned 1 [0116.393] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg.blackhat")) returned 1 [0116.394] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x6218 [0116.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d18e120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d18e120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9630cdb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6220)) returned 1 [0116.413] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg.blackhat")) returned 1 [0116.414] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x75a [0116.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96332f10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x760)) returned 1 [0116.431] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg.blackhat")) returned 1 [0116.432] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2d89 [0116.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x537add90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x537add90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96359070, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2d90)) returned 1 [0116.444] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg.blackhat")) returned 1 [0116.445] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1e36 [0116.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5303d8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5303d8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9637f1d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1e40)) returned 1 [0116.461] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg.blackhat")) returned 1 [0116.462] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1ee7 [0116.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x963a5330, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1ef0)) returned 1 [0116.477] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg.blackhat")) returned 1 [0116.479] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x924 [0116.482] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x963a5330, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x930)) returned 1 [0116.485] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg.blackhat")) returned 1 [0116.487] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1963 [0116.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x963f15f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1970)) returned 1 [0116.510] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg.blackhat")) returned 1 [0116.511] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x16d6 [0116.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53af3bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53af3bd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96417750, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x16e0)) returned 1 [0116.529] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg.blackhat")) returned 1 [0116.529] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7ae [0116.541] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9643d8b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7b0)) returned 1 [0116.541] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg.blackhat")) returned 1 [0116.542] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x974 [0116.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96463a10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x980)) returned 1 [0116.551] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg.blackhat")) returned 1 [0116.552] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1e67 [0116.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x964afcd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1e70)) returned 1 [0116.578] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg.blackhat")) returned 1 [0116.580] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xaa8 [0116.598] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x964d5e30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xab0)) returned 1 [0116.598] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg.blackhat")) returned 1 [0116.599] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x97a [0116.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f59090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f59090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x964d5e30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x980)) returned 1 [0116.608] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg.blackhat")) returned 1 [0116.609] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7d8 [0116.613] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5160e6d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5160e6d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x964fbf90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7e0)) returned 1 [0116.613] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg.blackhat")) returned 1 [0116.614] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x8d7 [0116.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538de890, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538de890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96548250, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x8e0)) returned 1 [0116.653] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg.blackhat")) returned 1 [0116.654] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x24be [0116.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6421e580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6421e580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96594510, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x24c0)) returned 1 [0116.680] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg.blackhat")) returned 1 [0116.681] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x33a8 [0116.713] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6125cc20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6125cc20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x965e07d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x33b0)) returned 1 [0116.713] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg.blackhat")) returned 1 [0116.714] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x738 [0116.752] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96652bf0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x740)) returned 1 [0116.752] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg.blackhat")) returned 1 [0116.754] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x17a5 [0116.757] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ff1610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ff1610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96652bf0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x17b0)) returned 1 [0116.757] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg.blackhat")) returned 1 [0116.758] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2720 [0116.777] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96678d50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2730)) returned 1 [0116.777] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg.blackhat")) returned 1 [0116.778] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x522 [0116.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9669eeb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x530)) returned 1 [0116.794] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg.blackhat")) returned 1 [0116.795] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x188f [0116.799] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x966c5010, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1890)) returned 1 [0116.799] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg.blackhat")) returned 1 [0116.800] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7fe [0116.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e9a9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e9a9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x966eb170, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x800)) returned 1 [0116.820] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg.blackhat")) returned 1 [0116.821] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x320d [0116.833] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e275160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e275160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x967112d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3210)) returned 1 [0116.833] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg.blackhat")) returned 1 [0116.835] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x28f2 [0116.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96737430, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2900)) returned 1 [0116.847] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg.blackhat")) returned 1 [0116.849] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x83c [0116.859] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9675d590, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x840)) returned 1 [0116.859] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg.blackhat")) returned 1 [0116.861] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x968 [0116.883] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x967836f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x970)) returned 1 [0116.883] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg.blackhat")) returned 1 [0116.885] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x8d4 [0116.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x967f5b10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x8e0)) returned 1 [0116.928] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg.blackhat")) returned 1 [0116.929] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x6e0 [0116.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9681bc70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6f0)) returned 1 [0116.937] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg.blackhat")) returned 1 [0116.938] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x8b9 [0116.954] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96841dd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x8c0)) returned 1 [0116.954] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg.blackhat")) returned 1 [0116.956] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2086 [0116.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96841dd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2090)) returned 1 [0116.960] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg.blackhat")) returned 1 [0116.962] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x97b [0116.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x9688e090, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x980)) returned 1 [0116.983] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg.blackhat")) returned 1 [0116.984] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x69a [0116.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9688e090, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6a0)) returned 1 [0116.997] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg.blackhat")) returned 1 [0116.999] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x6d0 [0117.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x969004b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6e0)) returned 1 [0117.032] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg.blackhat")) returned 1 [0117.033] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x687 [0117.055] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96926610, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x690)) returned 1 [0117.055] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg.blackhat")) returned 1 [0117.057] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x24c8 [0117.065] ReadFile (in: hFile=0x258, lpBuffer=0x21d6868, nNumberOfBytesToRead=0x24c8, lpNumberOfBytesRead=0x29e238, lpOverlapped=0x0 | out: lpBuffer=0x21d6868*, lpNumberOfBytesRead=0x29e238*=0x24c8, lpOverlapped=0x0) returned 1 [0117.084] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x969728d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x24d0)) returned 1 [0117.084] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg.blackhat")) returned 1 [0117.085] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3417 [0117.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x969e4cf0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3420)) returned 1 [0117.128] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg.blackhat")) returned 1 [0117.129] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xc0b [0117.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96a0ae50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xc10)) returned 1 [0117.154] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg.blackhat")) returned 1 [0117.156] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3c4c [0117.166] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96a30fb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3c50)) returned 1 [0117.166] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg.blackhat")) returned 1 [0117.168] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1f0e [0117.176] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96a57110, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1f10)) returned 1 [0117.176] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg.blackhat")) returned 1 [0117.177] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x980 [0117.188] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96a7d270, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x990)) returned 1 [0117.189] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg.blackhat")) returned 1 [0117.190] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x23fd [0117.198] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96a7d270, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2400)) returned 1 [0117.198] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg.blackhat")) returned 1 [0117.200] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1a59 [0117.219] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96ac9530, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a60)) returned 1 [0117.220] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg.blackhat")) returned 1 [0117.221] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7b0 [0117.234] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96aef690, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7c0)) returned 1 [0117.235] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg.blackhat")) returned 1 [0117.237] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x44ec [0117.249] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96b157f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x44f0)) returned 1 [0117.249] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg.blackhat")) returned 1 [0117.252] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x171b [0117.267] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x96b3b950, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1720)) returned 1 [0117.267] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg.blackhat")) returned 1 [0117.269] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1826 [0117.273] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457721f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457721f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96b3b950, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1830)) returned 1 [0117.273] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg.blackhat")) returned 1 [0117.275] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x5e5 [0117.287] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x96b61ab0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x5f0)) returned 1 [0117.287] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg.blackhat")) returned 1 [0117.288] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x5e5 [0117.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96b87c10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x5f0)) returned 1 [0117.295] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg.blackhat")) returned 1 [0117.296] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3565 [0117.311] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96badd70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3570)) returned 1 [0117.311] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg.blackhat")) returned 1 [0117.312] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x38b7 [0117.329] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96bd3ed0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x38c0)) returned 1 [0117.329] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg.blackhat")) returned 1 [0117.330] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x10c6c [0117.346] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60ea49c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60ea49c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96bfa030, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10c70)) returned 1 [0117.346] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg.blackhat")) returned 1 [0117.348] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7f78 [0117.374] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf893e70, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf893e70, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x96c462f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7f80)) returned 1 [0117.375] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg.blackhat")) returned 1 [0117.377] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x135 [0117.384] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96c462f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x140)) returned 1 [0117.384] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png.blackhat")) returned 1 [0117.385] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x28e [0117.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96c6c450, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x290)) returned 1 [0117.405] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png.blackhat")) returned 1 [0117.407] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1cd [0117.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96cb8710, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1d0)) returned 1 [0117.428] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png.blackhat")) returned 1 [0117.429] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x191 [0117.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x514ddbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x514ddbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96cb8710, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0117.433] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png.blackhat")) returned 1 [0117.434] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x19d [0117.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96d049d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0117.459] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png.blackhat")) returned 1 [0117.460] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2c8 [0117.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96d2ab30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2d0)) returned 1 [0117.478] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png.blackhat")) returned 1 [0117.482] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x342 [0117.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96d50c90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x350)) returned 1 [0117.486] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png.blackhat")) returned 1 [0117.487] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1d0 [0117.494] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96d50c90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1e0)) returned 1 [0117.495] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png.blackhat")) returned 1 [0117.496] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x310 [0117.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96d76df0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x320)) returned 1 [0117.509] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png.blackhat")) returned 1 [0117.510] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x120 [0117.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96d9cf50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x130)) returned 1 [0117.518] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png.blackhat")) returned 1 [0117.519] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x121 [0117.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96dc30b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x130)) returned 1 [0117.531] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png.blackhat")) returned 1 [0117.532] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x18c [0117.562] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96e0f370, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x190)) returned 1 [0117.562] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png.blackhat")) returned 1 [0117.564] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x168 [0117.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x96e5b630, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x170)) returned 1 [0117.602] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png.blackhat")) returned 1 [0117.603] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xf3 [0117.630] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x96ea78f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x100)) returned 1 [0117.630] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png.blackhat")) returned 1 [0117.631] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3b9 [0117.664] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x96ef3bb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3c0)) returned 1 [0117.664] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png.blackhat")) returned 1 [0117.665] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x14d [0117.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96f19d10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x150)) returned 1 [0117.675] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png.blackhat")) returned 1 [0117.676] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x24b [0117.689] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x96f3fe70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x250)) returned 1 [0117.689] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png.blackhat")) returned 1 [0117.690] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x36c [0117.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96f65fd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x370)) returned 1 [0117.712] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png.blackhat")) returned 1 [0117.714] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x29ed [0117.727] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60d4dd60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60d4dd60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96f8c130, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x29f0)) returned 1 [0117.727] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png.blackhat")) returned 1 [0117.732] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0117.750] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x24e29 [0117.780] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5101afd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5101afd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x970246b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x24e30)) returned 1 [0117.781] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt.blackhat")) returned 1 [0117.782] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x34ce [0117.807] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62410fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62410fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9704a810, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x34d0)) returned 1 [0117.807] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt.blackhat")) returned 1 [0117.808] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xa2 [0117.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54fa1af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54fa1af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97096ad0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb0)) returned 1 [0117.826] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt.blackhat")) returned 1 [0117.829] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x5feb [0117.854] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53bb22b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bb22b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x970bcc30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x5ff0)) returned 1 [0117.854] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.blackhat")) returned 1 [0117.855] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1c22 [0117.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x970e2d90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1c30)) returned 1 [0117.866] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg.blackhat")) returned 1 [0117.867] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2ac7 [0117.874] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x642446e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x642446e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97108ef0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2ad0)) returned 1 [0117.875] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg.blackhat")) returned 1 [0117.876] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7c9 [0117.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533cf9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533cf9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9712f050, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7d0)) returned 1 [0117.898] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg.blackhat")) returned 1 [0117.899] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1f19 [0117.903] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x971551b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1f20)) returned 1 [0117.904] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg.blackhat")) returned 1 [0117.905] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x711 [0117.909] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53598a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53598a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x971551b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x720)) returned 1 [0117.909] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg.blackhat")) returned 1 [0117.910] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2569 [0117.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x971a1470, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2570)) returned 1 [0117.937] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg.blackhat")) returned 1 [0117.939] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x30d2 [0117.946] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x971a1470, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x30e0)) returned 1 [0117.946] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg.blackhat")) returned 1 [0117.947] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x9b9 [0117.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x971c75d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9c0)) returned 1 [0117.960] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg.blackhat")) returned 1 [0117.961] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x48f4 [0117.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x671dfee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x671dfee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x971ed730, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x4900)) returned 1 [0117.971] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg.blackhat")) returned 1 [0117.972] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1c21 [0117.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97213890, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1c30)) returned 1 [0117.986] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg.blackhat")) returned 1 [0117.987] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x16bf [0117.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97213890, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x16c0)) returned 1 [0117.993] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg.blackhat")) returned 1 [0117.994] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x12f9 [0118.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x972399f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1300)) returned 1 [0118.003] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg.blackhat")) returned 1 [0118.004] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x9a9 [0118.007] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533cf9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533cf9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x972399f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9b0)) returned 1 [0118.007] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg.blackhat")) returned 1 [0118.009] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1b08 [0118.020] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5303d8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5303d8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9725fb50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1b10)) returned 1 [0118.020] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg.blackhat")) returned 1 [0118.021] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1c41 [0118.033] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e29b2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e29b2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97285cb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1c50)) returned 1 [0118.033] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg.blackhat")) returned 1 [0118.034] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x950 [0118.043] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97285cb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x960)) returned 1 [0118.043] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg.blackhat")) returned 1 [0118.045] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1bba [0118.058] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x972abe10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1bc0)) returned 1 [0118.058] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg.blackhat")) returned 1 [0118.059] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x76a [0118.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5154fff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5154fff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x972d1f70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x770)) returned 1 [0118.063] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg.blackhat")) returned 1 [0118.064] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x95f [0118.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f32f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f32f30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97402a70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x960)) returned 1 [0118.186] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg.blackhat")) returned 1 [0118.188] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x241e [0118.406] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533112f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533112f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97617db0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2420)) returned 1 [0118.406] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg.blackhat")) returned 1 [0118.407] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x938 [0118.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97617db0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x940)) returned 1 [0118.411] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg.blackhat")) returned 1 [0118.412] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x192a [0118.460] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9768a1d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1930)) returned 1 [0118.460] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg.blackhat")) returned 1 [0118.461] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x23fb [0118.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9776ea10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2400)) returned 1 [0118.553] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg.blackhat")) returned 1 [0118.554] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2a99 [0118.663] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539e9230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539e9230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x978793b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2aa0)) returned 1 [0118.663] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg.blackhat")) returned 1 [0118.665] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3200 [0118.923] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e02430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e02430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97b00b10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3210)) returned 1 [0118.923] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg.blackhat")) returned 1 [0118.925] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7e1 [0118.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97b99090, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7f0)) returned 1 [0118.984] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg.blackhat")) returned 1 [0118.985] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1b4e [0118.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ff1610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ff1610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97b99090, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1b50)) returned 1 [0118.991] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg.blackhat")) returned 1 [0118.992] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x751 [0119.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5392ab50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5392ab50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97be5350, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x760)) returned 1 [0119.012] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg.blackhat")) returned 1 [0119.013] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x200e [0119.026] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97be5350, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2010)) returned 1 [0119.026] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg.blackhat")) returned 1 [0119.028] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1dcb [0119.033] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97c0b4b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1dd0)) returned 1 [0119.033] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg.blackhat")) returned 1 [0119.034] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x23ba [0119.052] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97c31610, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x23c0)) returned 1 [0119.052] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg.blackhat")) returned 1 [0119.053] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xb58 [0119.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97c57770, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb60)) returned 1 [0119.064] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg.blackhat")) returned 1 [0119.065] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x91d [0119.078] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97c7d8d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x920)) returned 1 [0119.078] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg.blackhat")) returned 1 [0119.079] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2850 [0119.083] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45583010, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45583010, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97c7d8d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2860)) returned 1 [0119.083] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg.blackhat")) returned 1 [0119.084] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x16ca [0119.094] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97ca3a30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x16d0)) returned 1 [0119.095] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg.blackhat")) returned 1 [0119.096] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xafe [0119.107] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97cc9b90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb00)) returned 1 [0119.107] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg.blackhat")) returned 1 [0119.108] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2a48 [0119.115] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4580a770, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4580a770, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97cc9b90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2a50)) returned 1 [0119.115] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg.blackhat")) returned 1 [0119.116] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x87f [0119.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97cefcf0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x880)) returned 1 [0119.125] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg.blackhat")) returned 1 [0119.126] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xaa9 [0119.138] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97d15e50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xab0)) returned 1 [0119.138] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg.blackhat")) returned 1 [0119.141] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1d26 [0119.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97d15e50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1d30)) returned 1 [0119.152] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg.blackhat")) returned 1 [0119.159] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x780 [0119.167] ReadFile (in: hFile=0x258, lpBuffer=0x21d7438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e238, lpOverlapped=0x0 | out: lpBuffer=0x21d7438*, lpNumberOfBytesRead=0x29e238*=0x780, lpOverlapped=0x0) returned 1 [0119.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe3bfdf0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe3bfdf0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x97d62110, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x790)) returned 1 [0119.180] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg.blackhat")) returned 1 [0119.181] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7be [0119.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97dae3d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7c0)) returned 1 [0119.208] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg.blackhat")) returned 1 [0119.209] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3a2a [0119.213] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97dae3d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3a30)) returned 1 [0119.213] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg.blackhat")) returned 1 [0119.214] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2f76 [0119.222] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97dd4530, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2f80)) returned 1 [0119.222] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg.blackhat")) returned 1 [0119.224] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x786 [0119.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97dfa690, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x790)) returned 1 [0119.238] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg.blackhat")) returned 1 [0119.240] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xa07 [0119.272] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97e46950, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa10)) returned 1 [0119.272] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg.blackhat")) returned 1 [0119.274] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1998 [0119.278] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454eaa90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454eaa90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97e6cab0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x19a0)) returned 1 [0119.278] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg.blackhat")) returned 1 [0119.279] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1a65 [0119.299] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97e92c10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a70)) returned 1 [0119.299] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg.blackhat")) returned 1 [0119.300] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x5a45 [0119.315] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x97eb8d70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x5a50)) returned 1 [0119.315] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg.blackhat")) returned 1 [0119.316] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x388f [0119.329] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97edeed0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3890)) returned 1 [0119.329] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg.blackhat")) returned 1 [0119.329] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1e97 [0119.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97edeed0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1ea0)) returned 1 [0119.334] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg.blackhat")) returned 1 [0119.335] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x23bf [0119.349] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97f05030, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x23c0)) returned 1 [0119.350] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg.blackhat")) returned 1 [0119.351] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x8df [0119.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97f2b190, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x8e0)) returned 1 [0119.363] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg.blackhat")) returned 1 [0119.365] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2b8d [0119.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97f512f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2b90)) returned 1 [0119.375] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg.blackhat")) returned 1 [0119.376] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x201f [0119.384] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457721f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457721f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x97f512f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2020)) returned 1 [0119.385] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg.blackhat")) returned 1 [0119.386] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x6e9 [0119.394] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe327870, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe327870, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x97f77450, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6f0)) returned 1 [0119.395] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg.blackhat")) returned 1 [0119.395] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3376 [0119.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f9d5b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3380)) returned 1 [0119.403] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg.blackhat")) returned 1 [0119.405] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x13c06 [0119.423] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60baae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60baae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97fc3710, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x13c10)) returned 1 [0119.423] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg.blackhat")) returned 1 [0119.424] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x144cd [0119.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60b84ce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60b84ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97fe9870, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x144d0)) returned 1 [0119.443] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg.blackhat")) returned 1 [0119.444] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x29b [0119.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9800f9d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2a0)) returned 1 [0119.459] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png.blackhat")) returned 1 [0119.460] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x265 [0119.472] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98035b30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x270)) returned 1 [0119.472] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png.blackhat")) returned 1 [0119.473] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x252 [0119.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530d5e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530d5e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9805bc90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x260)) returned 1 [0119.484] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png.blackhat")) returned 1 [0119.485] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x248 [0119.496] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe327870, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe327870, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x98081df0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x250)) returned 1 [0119.496] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png.blackhat")) returned 1 [0119.497] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x21b [0119.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98081df0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x220)) returned 1 [0119.510] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png.blackhat")) returned 1 [0119.511] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x27b [0119.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x980a7f50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x280)) returned 1 [0119.521] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png.blackhat")) returned 1 [0119.522] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x268 [0119.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x980ce0b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x270)) returned 1 [0119.531] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png.blackhat")) returned 1 [0119.532] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x21e [0119.545] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x980f4210, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x220)) returned 1 [0119.545] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png.blackhat")) returned 1 [0119.546] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2e3 [0119.575] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x981404d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2f0)) returned 1 [0119.576] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png.blackhat")) returned 1 [0119.577] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x12c [0119.580] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x981404d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x130)) returned 1 [0119.580] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png.blackhat")) returned 1 [0119.581] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x391 [0119.594] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98166630, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3a0)) returned 1 [0119.594] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png.blackhat")) returned 1 [0119.595] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1aa [0119.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9818c790, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1b0)) returned 1 [0119.610] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png.blackhat")) returned 1 [0119.611] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x234 [0119.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x981b28f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x240)) returned 1 [0119.629] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png.blackhat")) returned 1 [0119.630] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x21feb [0119.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530d5e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530d5e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x981d8a50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x21ff0)) returned 1 [0119.645] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png.blackhat")) returned 1 [0119.646] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3faf [0119.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x981febb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3fb0)) returned 1 [0119.655] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png.blackhat")) returned 1 [0119.656] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1dc [0119.669] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x98224d10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1e0)) returned 1 [0119.669] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png.blackhat")) returned 1 [0119.670] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1af [0119.693] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9824ae70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1b0)) returned 1 [0119.693] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png.blackhat")) returned 1 [0119.694] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x23b [0119.717] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98297130, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x240)) returned 1 [0119.717] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png.blackhat")) returned 1 [0119.718] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x6a6 [0119.737] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60ef0c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60ef0c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x982bd290, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6b0)) returned 1 [0119.737] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png.blackhat")) returned 1 [0119.738] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x67 [0119.805] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfbb3b50, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfbb3b50, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x98355810, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70)) returned 1 [0119.805] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png.blackhat")) returned 1 [0119.808] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0119.812] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xe455 [0119.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfa36d90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfa36d90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x983edd90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xe460)) returned 1 [0119.863] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif.blackhat")) returned 1 [0119.864] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2b [0119.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x984601b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x30)) returned 1 [0119.901] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif.blackhat")) returned 1 [0119.902] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2b [0119.909] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5120a1b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5120a1b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x984601b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x30)) returned 1 [0119.909] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif.blackhat")) returned 1 [0119.962] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x254f1 [0119.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd97bf10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbd97bf10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x9851e890, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x25500)) returned 1 [0119.983] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt.blackhat")) returned 1 [0119.986] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x340b [0120.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x985449f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3410)) returned 1 [0120.001] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg.blackhat")) returned 1 [0120.002] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x19a4 [0120.014] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538925d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538925d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9856ab50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x19b0)) returned 1 [0120.014] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg.blackhat")) returned 1 [0120.015] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x278e [0120.033] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98590cb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2790)) returned 1 [0120.033] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg.blackhat")) returned 1 [0120.034] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2143 [0120.037] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98590cb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2150)) returned 1 [0120.037] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg.blackhat")) returned 1 [0120.038] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x912 [0120.047] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5348e0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5348e0b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x985b6e10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x920)) returned 1 [0120.048] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg.blackhat")) returned 1 [0120.048] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x6e8 [0120.055] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x985b6e10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6f0)) returned 1 [0120.055] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg.blackhat")) returned 1 [0120.056] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x36d2 [0120.062] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x537add90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x537add90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x985dcf70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x36e0)) returned 1 [0120.062] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg.blackhat")) returned 1 [0120.063] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x75e [0120.085] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x986030d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x760)) returned 1 [0120.085] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg.blackhat")) returned 1 [0120.087] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x6dc [0120.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98629230, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6e0)) returned 1 [0120.091] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg.blackhat")) returned 1 [0120.092] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x9be [0120.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53467f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53467f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98629230, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9c0)) returned 1 [0120.095] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg.blackhat")) returned 1 [0120.097] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1694 [0120.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98629230, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x16a0)) returned 1 [0120.101] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg.blackhat")) returned 1 [0120.102] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x85d [0120.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539e9230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539e9230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9864f390, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x860)) returned 1 [0120.106] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg.blackhat")) returned 1 [0120.107] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x878 [0120.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9864f390, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x880)) returned 1 [0120.118] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg.blackhat")) returned 1 [0120.119] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x878 [0120.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f59090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f59090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9869b650, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x880)) returned 1 [0120.135] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg.blackhat")) returned 1 [0120.136] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x77f [0120.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9869b650, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x780)) returned 1 [0120.148] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg.blackhat")) returned 1 [0120.149] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x22b3 [0120.153] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x986c17b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x22c0)) returned 1 [0120.153] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg.blackhat")) returned 1 [0120.154] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x19cf [0120.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x986e7910, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x19d0)) returned 1 [0120.167] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg.blackhat")) returned 1 [0120.168] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2ca1 [0120.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2bd440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2bd440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x986e7910, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2cb0)) returned 1 [0120.174] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg.blackhat")) returned 1 [0120.174] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1f37 [0120.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53950cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53950cb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x986e7910, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1f40)) returned 1 [0120.179] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg.blackhat")) returned 1 [0120.180] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2131 [0120.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9870da70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2140)) returned 1 [0120.186] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg.blackhat")) returned 1 [0120.187] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x370a [0120.200] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98733bd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3710)) returned 1 [0120.201] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg.blackhat")) returned 1 [0120.201] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x22a0 [0120.213] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98759d30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x22b0)) returned 1 [0120.213] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg.blackhat")) returned 1 [0120.214] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2036 [0120.219] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53657130, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53657130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98759d30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2040)) returned 1 [0120.219] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg.blackhat")) returned 1 [0120.220] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x13fd [0120.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2bd440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2bd440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9877fe90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1400)) returned 1 [0120.236] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg.blackhat")) returned 1 [0120.237] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x884 [0120.245] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x987a5ff0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x890)) returned 1 [0120.245] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg.blackhat")) returned 1 [0120.246] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x34d8 [0120.256] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x987a5ff0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x34e0)) returned 1 [0120.256] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg.blackhat")) returned 1 [0120.260] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2fd1 [0120.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61282d80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x987f22b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2fe0)) returned 1 [0120.275] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg.blackhat")) returned 1 [0120.276] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x29c3 [0120.300] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98818410, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x29d0)) returned 1 [0120.300] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg.blackhat")) returned 1 [0120.301] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xa7b [0120.304] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e9a9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e9a9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98818410, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa80)) returned 1 [0120.304] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg.blackhat")) returned 1 [0120.305] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x17af [0120.312] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5127c5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5127c5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9883e570, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x17b0)) returned 1 [0120.313] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg.blackhat")) returned 1 [0120.313] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xaf3 [0120.321] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x988646d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb00)) returned 1 [0120.321] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg.blackhat")) returned 1 [0120.322] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x350a [0120.329] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x988646d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3510)) returned 1 [0120.329] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg.blackhat")) returned 1 [0120.331] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x68c [0120.340] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9888a830, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x690)) returned 1 [0120.340] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg.blackhat")) returned 1 [0120.341] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2d04 [0120.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x988b0990, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2d10)) returned 1 [0120.357] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg.blackhat")) returned 1 [0120.358] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x863 [0120.379] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x988d6af0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x870)) returned 1 [0120.379] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg.blackhat")) returned 1 [0120.380] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1c9b [0120.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ade190, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ade190, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x988fcc50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1ca0)) returned 1 [0120.392] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg.blackhat")) returned 1 [0120.393] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x702 [0120.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98922db0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x710)) returned 1 [0120.405] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg.blackhat")) returned 1 [0120.406] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xaca8 [0120.416] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50ebbff0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50ebbff0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98948f10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xacb0)) returned 1 [0120.416] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg.blackhat")) returned 1 [0120.417] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x755 [0120.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98948f10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x760)) returned 1 [0120.424] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg.blackhat")) returned 1 [0120.425] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1c72 [0120.438] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9896f070, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1c80)) returned 1 [0120.438] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg.blackhat")) returned 1 [0120.439] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xa23 [0120.455] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x989951d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa30)) returned 1 [0120.456] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg.blackhat")) returned 1 [0120.457] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1ca7 [0120.460] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x989951d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1cb0)) returned 1 [0120.460] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg.blackhat")) returned 1 [0120.462] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x9ef [0120.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe34d9d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe34d9d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x989bb330, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9f0)) returned 1 [0120.473] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg.blackhat")) returned 1 [0120.614] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x952 [0120.625] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x98b380f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x960)) returned 1 [0120.626] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg.blackhat")) returned 1 [0120.627] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7a9 [0120.636] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98b5e250, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7b0)) returned 1 [0120.636] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg.blackhat")) returned 1 [0120.637] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x86f [0120.647] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98b5e250, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x870)) returned 1 [0120.647] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg.blackhat")) returned 1 [0120.648] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x828 [0120.660] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98b843b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x830)) returned 1 [0120.660] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg.blackhat")) returned 1 [0120.661] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3860 [0120.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98baa510, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3870)) returned 1 [0120.675] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg.blackhat")) returned 1 [0120.676] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x19a5 [0120.690] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98bd0670, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x19b0)) returned 1 [0120.690] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg.blackhat")) returned 1 [0120.691] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2619 [0120.702] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98bf67d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2620)) returned 1 [0120.702] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg.blackhat")) returned 1 [0120.703] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1f84 [0120.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98c1c930, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1f90)) returned 1 [0120.718] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg.blackhat")) returned 1 [0120.719] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1c7e [0120.723] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbded7090, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbded7090, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x98c1c930, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1c80)) returned 1 [0120.723] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg.blackhat")) returned 1 [0120.724] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x8f9 [0120.734] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98c42a90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x900)) returned 1 [0120.734] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg.blackhat")) returned 1 [0120.735] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x9b7 [0120.742] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98c42a90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9c0)) returned 1 [0120.742] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg.blackhat")) returned 1 [0120.743] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2cb0 [0120.755] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98c68bf0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2cc0)) returned 1 [0120.756] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg.blackhat")) returned 1 [0120.757] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x228c [0120.763] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98c8ed50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2290)) returned 1 [0120.763] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg.blackhat")) returned 1 [0120.764] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x48ba [0120.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60d9a020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60d9a020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98cb4eb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x48c0)) returned 1 [0120.779] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg.blackhat")) returned 1 [0120.780] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x911 [0120.792] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55c14b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x55c14b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98cdb010, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x920)) returned 1 [0120.792] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg.blackhat")) returned 1 [0120.794] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x14d [0120.797] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98cdb010, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x150)) returned 1 [0120.797] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png.blackhat")) returned 1 [0120.798] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x197 [0120.807] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98d01170, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0120.807] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png.blackhat")) returned 1 [0120.808] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2c2 [0120.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98d01170, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2d0)) returned 1 [0120.817] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png.blackhat")) returned 1 [0120.818] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2c2 [0120.831] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98d272d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2d0)) returned 1 [0120.831] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png.blackhat")) returned 1 [0120.832] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x204 [0120.839] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98d4d430, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x210)) returned 1 [0120.839] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png.blackhat")) returned 1 [0120.840] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2ed [0120.844] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50ebbff0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50ebbff0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98d4d430, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2f0)) returned 1 [0120.844] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png.blackhat")) returned 1 [0120.845] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2fc [0120.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454eaa90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454eaa90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98d73590, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x300)) returned 1 [0120.856] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png.blackhat")) returned 1 [0120.857] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x35c [0120.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d73590, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x360)) returned 1 [0120.863] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png.blackhat")) returned 1 [0120.864] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x19a [0120.873] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98d996f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0120.873] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png.blackhat")) returned 1 [0120.874] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xfe [0120.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98dbf850, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x100)) returned 1 [0120.887] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png.blackhat")) returned 1 [0120.888] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2c0 [0120.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98dbf850, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2d0)) returned 1 [0120.899] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png.blackhat")) returned 1 [0120.899] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x227 [0120.912] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98de59b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x230)) returned 1 [0120.912] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png.blackhat")) returned 1 [0120.913] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x284 [0120.922] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x98e0bb10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x290)) returned 1 [0120.922] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png.blackhat")) returned 1 [0120.923] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2b5 [0120.935] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98e31c70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2c0)) returned 1 [0120.935] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png.blackhat")) returned 1 [0120.937] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x36e [0120.942] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98e31c70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x370)) returned 1 [0120.942] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png.blackhat")) returned 1 [0120.943] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x23f [0120.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x455f5430, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x455f5430, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98e57dd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x240)) returned 1 [0120.956] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png.blackhat")) returned 1 [0120.957] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x67 [0120.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfb41730, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfb41730, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x98e7df30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70)) returned 1 [0120.970] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png.blackhat")) returned 1 [0120.975] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0120.980] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xa756 [0120.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45027e90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45027e90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98eca1f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa760)) returned 1 [0120.995] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif.blackhat")) returned 1 [0120.996] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x60c [0121.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60c69520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60c69520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98eca1f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x610)) returned 1 [0121.003] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif.blackhat")) returned 1 [0121.004] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2b [0121.015] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55333bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x55333bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98ef0350, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x30)) returned 1 [0121.015] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif.blackhat")) returned 1 [0121.037] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x269b2 [0121.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54e4ae90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54e4ae90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98f62770, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x269c0)) returned 1 [0121.060] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt.blackhat")) returned 1 [0121.063] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7f7e [0121.072] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe967230, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe967230, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x98f888d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7f80)) returned 1 [0121.072] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.blackhat")) returned 1 [0121.073] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7b8 [0121.087] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98faea30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7c0)) returned 1 [0121.087] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg.blackhat")) returned 1 [0121.088] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x36b1 [0121.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533f5b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533f5b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98faea30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x36c0)) returned 1 [0121.099] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg.blackhat")) returned 1 [0121.101] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x8217 [0121.113] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe967230, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe967230, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x98fd4b90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x8220)) returned 1 [0121.114] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.blackhat")) returned 1 [0121.114] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x152c [0121.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45be8b30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45be8b30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x98ffacf0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1530)) returned 1 [0121.125] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg.blackhat")) returned 1 [0121.126] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x97c [0121.130] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5360ae70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5360ae70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98ffacf0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x980)) returned 1 [0121.131] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg.blackhat")) returned 1 [0121.132] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x29ca [0121.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53598a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53598a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99020e50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x29d0)) returned 1 [0121.136] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg.blackhat")) returned 1 [0121.137] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x862 [0121.145] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99020e50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x870)) returned 1 [0121.145] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg.blackhat")) returned 1 [0121.146] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x142e [0121.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53846310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53846310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99046fb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1430)) returned 1 [0121.154] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg.blackhat")) returned 1 [0121.162] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3e6b [0121.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58321c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58321c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9906d110, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3e70)) returned 1 [0121.174] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg.blackhat")) returned 1 [0121.174] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x812 [0121.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99093270, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x820)) returned 1 [0121.181] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg.blackhat")) returned 1 [0121.183] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xb22 [0121.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99093270, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb30)) returned 1 [0121.186] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg.blackhat")) returned 1 [0121.187] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1529 [0121.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539c30d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539c30d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99093270, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1530)) returned 1 [0121.191] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg.blackhat")) returned 1 [0121.192] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1e61 [0121.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x990b93d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1e70)) returned 1 [0121.195] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg.blackhat")) returned 1 [0121.196] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x636 [0121.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x990df530, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x640)) returned 1 [0121.214] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg.blackhat")) returned 1 [0121.215] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x82a [0121.218] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53278d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53278d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x990df530, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x830)) returned 1 [0121.218] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg.blackhat")) returned 1 [0121.219] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x161e [0121.225] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x990df530, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1620)) returned 1 [0121.225] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg.blackhat")) returned 1 [0121.227] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x5685 [0121.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a1fd500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a1fd500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9912b7f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x5690)) returned 1 [0121.242] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg.blackhat")) returned 1 [0121.243] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2f6b [0121.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9912b7f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2f70)) returned 1 [0121.255] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg.blackhat")) returned 1 [0121.256] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x264b [0121.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e4e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e4e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99151950, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2650)) returned 1 [0121.268] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg.blackhat")) returned 1 [0121.269] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3e08 [0121.273] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e275160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e275160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99177ab0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3e10)) returned 1 [0121.273] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg.blackhat")) returned 1 [0121.274] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xa1f [0121.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f32f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f32f30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99177ab0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa20)) returned 1 [0121.280] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg.blackhat")) returned 1 [0121.281] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x82d [0121.289] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9919dc10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x830)) returned 1 [0121.289] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg.blackhat")) returned 1 [0121.291] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x16f5 [0121.304] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x612a8ee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x612a8ee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9919dc10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1700)) returned 1 [0121.304] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg.blackhat")) returned 1 [0121.306] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xc20 [0121.320] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x991e9ed0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xc30)) returned 1 [0121.320] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg.blackhat")) returned 1 [0121.321] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x86e [0121.325] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x514ddbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x514ddbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x991e9ed0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x870)) returned 1 [0121.325] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg.blackhat")) returned 1 [0121.328] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x86e [0121.332] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5392ab50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5392ab50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x991e9ed0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x870)) returned 1 [0121.332] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg.blackhat")) returned 1 [0121.333] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x89a [0121.337] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99210030, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x8a0)) returned 1 [0121.337] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg.blackhat")) returned 1 [0121.338] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7bb [0121.342] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99210030, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7c0)) returned 1 [0121.342] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg.blackhat")) returned 1 [0121.343] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x9ab [0121.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99236190, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9b0)) returned 1 [0121.356] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg.blackhat")) returned 1 [0121.358] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7fd [0121.362] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99236190, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x800)) returned 1 [0121.362] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg.blackhat")) returned 1 [0121.367] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x82f [0121.371] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9925c2f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x830)) returned 1 [0121.371] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg.blackhat")) returned 1 [0121.372] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1afe [0121.378] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2e35a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2e35a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9925c2f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1b00)) returned 1 [0121.378] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg.blackhat")) returned 1 [0121.379] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1fc3 [0121.385] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99282450, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1fd0)) returned 1 [0121.386] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg.blackhat")) returned 1 [0121.387] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2ecb [0121.391] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99282450, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2ed0)) returned 1 [0121.391] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg.blackhat")) returned 1 [0121.392] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x9c5 [0121.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x992a85b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9d0)) returned 1 [0121.400] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg.blackhat")) returned 1 [0121.401] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2669 [0121.407] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x992a85b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2670)) returned 1 [0121.407] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg.blackhat")) returned 1 [0121.409] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2a77 [0121.418] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x992ce710, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2a80)) returned 1 [0121.418] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg.blackhat")) returned 1 [0121.419] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2fe3 [0121.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x992ce710, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2ff0)) returned 1 [0121.428] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg.blackhat")) returned 1 [0121.429] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x857 [0121.441] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x992f4870, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x860)) returned 1 [0121.441] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg.blackhat")) returned 1 [0121.442] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x7d9 [0121.453] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9931a9d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7e0)) returned 1 [0121.453] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg.blackhat")) returned 1 [0121.454] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x8c5 [0121.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9931a9d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x8d0)) returned 1 [0121.458] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg.blackhat")) returned 1 [0121.459] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3323 [0121.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99340b30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3330)) returned 1 [0121.466] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg.blackhat")) returned 1 [0121.467] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x9d7 [0121.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99340b30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9e0)) returned 1 [0121.473] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg.blackhat")) returned 1 [0121.474] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2d32 [0121.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99366c90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2d40)) returned 1 [0121.478] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg.blackhat")) returned 1 [0121.479] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x85d [0121.499] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9938cdf0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x860)) returned 1 [0121.499] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg.blackhat")) returned 1 [0121.500] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x197c [0121.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x993b2f50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1980)) returned 1 [0121.514] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg.blackhat")) returned 1 [0121.514] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xb7e [0121.526] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x993d90b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb80)) returned 1 [0121.527] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg.blackhat")) returned 1 [0121.527] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1b14 [0121.545] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x993ff210, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1b20)) returned 1 [0121.545] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg.blackhat")) returned 1 [0121.546] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2978 [0121.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99425370, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2980)) returned 1 [0121.555] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg.blackhat")) returned 1 [0121.556] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2b6c [0121.559] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99425370, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2b70)) returned 1 [0121.559] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg.blackhat")) returned 1 [0121.562] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2676 [0121.566] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45478670, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45478670, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99425370, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2680)) returned 1 [0121.566] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg.blackhat")) returned 1 [0121.567] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xb41 [0121.593] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99471630, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb50)) returned 1 [0121.593] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg.blackhat")) returned 1 [0121.594] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x25f6 [0121.598] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99471630, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2600)) returned 1 [0121.598] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg.blackhat")) returned 1 [0121.599] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x819 [0121.611] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99497790, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x820)) returned 1 [0121.611] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg.blackhat")) returned 1 [0121.612] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x916 [0121.620] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x994bd8f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x920)) returned 1 [0121.620] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg.blackhat")) returned 1 [0121.622] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x918 [0121.642] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x994e3a50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x920)) returned 1 [0121.642] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg.blackhat")) returned 1 [0121.643] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1fdaf [0121.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60cdb940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60cdb940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99509bb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1fdb0)) returned 1 [0121.654] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg.blackhat")) returned 1 [0121.656] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x5244 [0121.671] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64009240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64009240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9952fd10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x5250)) returned 1 [0121.671] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg.blackhat")) returned 1 [0121.673] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xc05f [0121.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54a20810, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54a20810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99555e70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xc060)) returned 1 [0121.679] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png.blackhat")) returned 1 [0121.680] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3e3 [0121.689] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99555e70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3f0)) returned 1 [0121.689] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png.blackhat")) returned 1 [0121.690] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1d0 [0121.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5341bc90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5341bc90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9957bfd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1e0)) returned 1 [0121.698] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png.blackhat")) returned 1 [0121.699] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1c4 [0121.713] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x995a2130, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1d0)) returned 1 [0121.713] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png.blackhat")) returned 1 [0121.714] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2ed [0121.723] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x995a2130, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2f0)) returned 1 [0121.723] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png.blackhat")) returned 1 [0121.724] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x19e [0121.738] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4580a770, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4580a770, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x995c8290, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0121.738] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png.blackhat")) returned 1 [0121.739] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2c1 [0121.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53846310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53846310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x995ee3f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2d0)) returned 1 [0121.743] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png.blackhat")) returned 1 [0121.744] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x157 [0121.753] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x995ee3f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x160)) returned 1 [0121.754] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png.blackhat")) returned 1 [0121.755] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x145 [0121.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99614550, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x150)) returned 1 [0121.768] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png.blackhat")) returned 1 [0121.769] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1b6 [0121.772] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9963a6b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1c0)) returned 1 [0121.772] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png.blackhat")) returned 1 [0121.773] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x156 [0121.801] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99660810, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x160)) returned 1 [0121.801] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png.blackhat")) returned 1 [0121.802] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xef00 [0121.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a91ed0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a91ed0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x99686970, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xef10)) returned 1 [0121.817] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png.blackhat")) returned 1 [0121.818] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x3a2 [0121.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x996d2c30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3b0)) returned 1 [0121.836] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png.blackhat")) returned 1 [0121.838] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x24c [0121.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x996d2c30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x250)) returned 1 [0121.848] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png.blackhat")) returned 1 [0121.849] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x398 [0121.853] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x996f8d90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3a0)) returned 1 [0121.853] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png.blackhat")) returned 1 [0121.854] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x230 [0121.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x996f8d90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x240)) returned 1 [0121.864] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png.blackhat")) returned 1 [0121.865] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x116 [0121.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9971eef0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x120)) returned 1 [0121.879] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png.blackhat")) returned 1 [0121.881] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x1622 [0121.892] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60aec760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60aec760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x99745050, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1630)) returned 1 [0121.892] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png.blackhat")) returned 1 [0121.894] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x13d [0121.912] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), fInfoLevelId=0x0, lpFileInformation=0x29e350 | out: lpFileInformation=0x29e350*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x610b9d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x610b9d00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9976b1b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x140)) returned 1 [0121.912] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png.blackhat")) returned 1 [0121.917] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0121.999] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x104 [0122.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9984f9f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x110)) returned 1 [0122.001] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml.blackhat")) returned 1 [0122.003] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x200000 [0122.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x99a3ebd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x200010)) returned 1 [0122.197] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log.blackhat")) returned 1 [0122.198] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x200000 [0122.208] ReadFile (in: hFile=0x258, lpBuffer=0x126ff138, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x29e4f8, lpOverlapped=0x0 | out: lpBuffer=0x126ff138*, lpNumberOfBytesRead=0x29e4f8*=0x200000, lpOverlapped=0x0) returned 1 [0122.296] CloseHandle (hObject=0x258) returned 1 [0122.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x99c7a070, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x200010)) returned 1 [0122.439] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log.blackhat")) returned 1 [0122.456] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0122.561] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x200000 [0122.569] ReadFile (in: hFile=0x258, lpBuffer=0x123999c0, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x29e398, lpOverlapped=0x0 | out: lpBuffer=0x123999c0*, lpNumberOfBytesRead=0x29e398*=0x200000, lpOverlapped=0x0) returned 1 [0122.639] CloseHandle (hObject=0x258) returned 1 [0122.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2d0) returned 1 [0122.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0122.705] GetFileType (hFile=0x258) returned 0x1 [0122.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e240) returned 1 [0122.705] GetFileType (hFile=0x258) returned 0x1 [0122.705] WriteFile (in: hFile=0x258, lpBuffer=0x12199978*, nNumberOfBytesToWrite=0x200010, lpNumberOfBytesWritten=0x29e3f8, lpOverlapped=0x0 | out: lpBuffer=0x12199978*, lpNumberOfBytesWritten=0x29e3f8*=0x200010, lpOverlapped=0x0) returned 1 [0122.738] CloseHandle (hObject=0x258) returned 1 [0122.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log", lpFilePart=0x0) returned 0x5a [0122.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log.BlackHat", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log.BlackHat", lpFilePart=0x0) returned 0x63 [0122.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3d0) returned 1 [0122.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a00c170, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x200010)) returned 1 [0122.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e390) returned 1 [0122.855] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log.blackhat")) returned 1 [0122.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.856] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.st", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.857] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.857] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.857] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.pff", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.857] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.857] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.857] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.mft", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.858] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.858] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.858] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.efd", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.858] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.858] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.858] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.ini", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.859] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.859] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.859] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.CFL", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.859] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.859] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.859] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.cer", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.859] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.860] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.860] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.backup", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.860] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.860] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.860] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.7z", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.860] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.861] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.tiff", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.861] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.861] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.jpeg", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.862] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.862] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.862] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.accdb", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.862] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.862] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.862] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.sqlite", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.863] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.863] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.863] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.dbf", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.863] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.863] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.863] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*1cd", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.864] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.864] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.864] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.mdb", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.864] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.864] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.864] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.cd", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.865] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.865] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.865] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.cdr", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.865] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.865] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.865] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.dwg", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.866] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.866] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.866] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.gif", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.866] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.866] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.866] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.mp4", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.867] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.867] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.avi", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.867] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.867] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.mkv", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.868] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.868] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.868] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.wmv", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.868] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.868] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.868] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.webmp", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.869] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.869] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.869] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*.bak", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0122.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0122.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0122.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e4b0) returned 1 [0122.869] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", nBufferLength=0x105, lpBuffer=0x29dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpFilePart=0x0) returned 0x4d [0122.869] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", nBufferLength=0x105, lpBuffer=0x29df40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\", lpFilePart=0x0) returned 0x4e [0122.869] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*", lpFindFileData=0x29e150 | out: lpFindFileData=0x29e150) returned 0x1a95fe50 [0122.870] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0122.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e400) returned 1 [0122.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3c0) returned 1 [0122.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0122.870] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0122.871] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0122.871] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.txt", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0122.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0122.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0122.892] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0122.892] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0122.892] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.doc", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0122.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0122.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0122.894] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0122.894] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0122.894] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.docx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0122.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0122.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0122.895] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0122.895] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0122.896] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.xls", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0122.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0122.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0122.897] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0122.897] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0122.897] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.xlsx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0122.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0122.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0122.899] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0122.899] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0122.899] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.ppt", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0122.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0122.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0122.901] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0122.901] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0122.901] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.pptx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0122.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0122.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0122.902] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0122.902] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0122.902] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.odt", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0122.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0122.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0122.904] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0122.904] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0122.904] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.jpg", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0x1a95fe50 [0122.905] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0122.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0122.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0122.906] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg", lpFilePart=0x0) returned 0x57 [0122.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0122.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0122.912] GetFileType (hFile=0x258) returned 0x1 [0122.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0122.912] GetFileType (hFile=0x258) returned 0x1 [0122.913] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x432 [0122.925] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg", lpFilePart=0x0) returned 0x57 [0122.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0122.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0122.926] GetFileType (hFile=0x258) returned 0x1 [0122.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0122.926] GetFileType (hFile=0x258) returned 0x1 [0122.927] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg", lpFilePart=0x0) returned 0x57 [0122.927] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.BlackHat", lpFilePart=0x0) returned 0x60 [0122.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e480) returned 1 [0122.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a0ca850, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x440)) returned 1 [0122.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e440) returned 1 [0122.927] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg.blackhat")) returned 1 [0122.928] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg", lpFilePart=0x0) returned 0x58 [0122.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0122.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0122.928] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x5d3f [0122.940] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg", lpFilePart=0x0) returned 0x58 [0122.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0122.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0122.943] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg", lpFilePart=0x0) returned 0x58 [0122.943] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.BlackHat", lpFilePart=0x0) returned 0x61 [0122.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e480) returned 1 [0122.943] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a0f09b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x5d40)) returned 1 [0122.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e440) returned 1 [0122.944] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg.blackhat")) returned 1 [0122.945] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg", lpFilePart=0x0) returned 0x5e [0122.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0122.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0122.945] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x1906 [0123.005] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg", lpFilePart=0x0) returned 0x5e [0123.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.006] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.007] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg", lpFilePart=0x0) returned 0x5e [0123.007] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.BlackHat", lpFilePart=0x0) returned 0x67 [0123.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e480) returned 1 [0123.007] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a188f30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1910)) returned 1 [0123.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e440) returned 1 [0123.008] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.blackhat")) returned 1 [0123.009] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg", lpFilePart=0x0) returned 0x5c [0123.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.009] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x107e [0123.020] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg", lpFilePart=0x0) returned 0x5c [0123.020] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.022] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg", lpFilePart=0x0) returned 0x5c [0123.022] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.BlackHat", lpFilePart=0x0) returned 0x65 [0123.022] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e480) returned 1 [0123.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a1af090, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1080)) returned 1 [0123.022] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e440) returned 1 [0123.022] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg.blackhat")) returned 1 [0123.023] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg", lpFilePart=0x0) returned 0x5f [0123.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.024] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x18ed [0123.057] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg", lpFilePart=0x0) returned 0x5f [0123.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.059] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg", lpFilePart=0x0) returned 0x5f [0123.060] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.BlackHat", lpFilePart=0x0) returned 0x68 [0123.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e480) returned 1 [0123.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a1fb350, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18f0)) returned 1 [0123.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e440) returned 1 [0123.060] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg.blackhat")) returned 1 [0123.062] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg", lpFilePart=0x0) returned 0x59 [0123.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.063] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x13fb [0123.090] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg", lpFilePart=0x0) returned 0x59 [0123.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.091] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.092] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg", lpFilePart=0x0) returned 0x59 [0123.092] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.BlackHat", lpFilePart=0x0) returned 0x62 [0123.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e480) returned 1 [0123.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a247610, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1400)) returned 1 [0123.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e440) returned 1 [0123.092] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg.blackhat")) returned 1 [0123.093] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg", lpFilePart=0x0) returned 0x57 [0123.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.094] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.094] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x780 [0123.122] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg", lpFilePart=0x0) returned 0x57 [0123.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.123] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg", lpFilePart=0x0) returned 0x57 [0123.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.BlackHat", lpFilePart=0x0) returned 0x60 [0123.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e480) returned 1 [0123.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a2938d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x790)) returned 1 [0123.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e440) returned 1 [0123.124] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg.blackhat")) returned 1 [0123.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg", lpFilePart=0x0) returned 0x5e [0123.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.125] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x127e [0123.152] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg", lpFilePart=0x0) returned 0x5e [0123.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.153] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.154] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg", lpFilePart=0x0) returned 0x5e [0123.154] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.BlackHat", lpFilePart=0x0) returned 0x67 [0123.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e480) returned 1 [0123.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a2dfb90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1280)) returned 1 [0123.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e440) returned 1 [0123.154] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.blackhat")) returned 1 [0123.155] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg", lpFilePart=0x0) returned 0x5a [0123.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.156] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x2949 [0123.191] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg", lpFilePart=0x0) returned 0x5a [0123.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.193] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg", lpFilePart=0x0) returned 0x5a [0123.193] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.BlackHat", lpFilePart=0x0) returned 0x63 [0123.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e480) returned 1 [0123.193] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a351fb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2950)) returned 1 [0123.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e440) returned 1 [0123.193] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg.blackhat")) returned 1 [0123.231] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg", lpFilePart=0x0) returned 0x57 [0123.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.232] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x1d51 [0123.269] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg", lpFilePart=0x0) returned 0x57 [0123.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e380) returned 1 [0123.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0123.271] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg", lpFilePart=0x0) returned 0x57 [0123.271] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.BlackHat", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.BlackHat", lpFilePart=0x0) returned 0x60 [0123.271] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e480) returned 1 [0123.271] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a410690, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1d60)) returned 1 [0123.271] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e440) returned 1 [0123.271] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg.blackhat")) returned 1 [0123.272] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.272] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.273] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.273] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.png", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.273] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.273] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.273] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.csv", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.274] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.274] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.274] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.sql", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.274] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.274] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.274] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.mdb", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.275] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.275] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.275] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.sln", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.276] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.276] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.276] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.php", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.276] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.276] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.276] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.asp", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.277] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.277] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.277] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.aspx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.277] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.277] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.278] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.html", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.278] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.278] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.278] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.xml", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.279] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.279] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.279] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.psd", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.279] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.279] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.279] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.rar", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.280] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.280] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.280] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.zip", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.280] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.281] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.281] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.mp3", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.281] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.281] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.281] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.exe", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.282] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.282] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.282] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.PDF", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.282] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.282] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.282] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.rtf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.283] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.283] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.283] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.DT", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.283] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.284] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.284] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.CF", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.284] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.284] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.284] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.CFU", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.285] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.285] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.285] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.mxl", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.285] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.286] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.286] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.epf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.286] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.286] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.286] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.erf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.287] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.287] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.287] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.vrp", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.287] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.287] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.288] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.grs", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e450) returned 1 [0123.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e540) returned 1 [0123.288] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.288] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.288] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.geo", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0123.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.289] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.elf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.289] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.lgf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.290] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.290] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.lgp", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.290] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.290] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.290] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.log", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.290] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.291] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.291] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.st", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.291] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.291] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.291] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.pff", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.291] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.291] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.292] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.mft", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.292] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.292] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.292] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.efd", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.292] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.292] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.292] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.ini", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0x1a95fe50 [0123.293] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0123.293] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini", lpFilePart=0x0) returned 0x59 [0123.293] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x285 [0123.300] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini", nBufferLength=0x105, lpBuffer=0x29dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini", lpFilePart=0x0) returned 0x59 [0123.302] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.302] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.302] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.CFL", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.302] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.302] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.303] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.cer", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.303] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.backup", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.304] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.7z", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.304] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.tiff", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.304] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.jpeg", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.305] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.accdb", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.305] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.sqlite", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.306] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.dbf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.306] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*1cd", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.307] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.mdb", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.307] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.cd", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.307] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.cdr", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.308] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.dwg", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.308] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.gif", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.308] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.mp4", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.309] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.avi", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.309] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.mkv", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.309] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.wmv", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.310] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.webmp", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.310] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*.bak", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", nBufferLength=0x105, lpBuffer=0x29e050, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpFilePart=0x0) returned 0x4d [0123.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", nBufferLength=0x105, lpBuffer=0x29dff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", lpFilePart=0x0) returned 0x4e [0123.310] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x29e200 | out: lpFindFileData=0x29e200) returned 0x1a95fe50 [0123.312] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0123.312] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x29e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x43 [0123.312] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", lpFilePart=0x0) returned 0x44 [0123.312] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.txt", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x29e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x43 [0123.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", lpFilePart=0x0) returned 0x44 [0123.313] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.doc", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x29e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x43 [0123.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", lpFilePart=0x0) returned 0x44 [0123.313] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.docx", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x29e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x43 [0123.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", lpFilePart=0x0) returned 0x44 [0123.313] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.xls", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x29e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x43 [0123.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", lpFilePart=0x0) returned 0x44 [0123.313] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.xlsx", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.314] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x29e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x43 [0123.314] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", lpFilePart=0x0) returned 0x44 [0123.314] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.ppt", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.314] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x29e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x43 [0123.314] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", lpFilePart=0x0) returned 0x44 [0123.314] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.pptx", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.314] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x29e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x43 [0123.314] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", lpFilePart=0x0) returned 0x44 [0123.314] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.odt", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.315] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x29e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x43 [0123.315] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\", lpFilePart=0x0) returned 0x44 [0123.315] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.jpg", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.315] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x29e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x43 [0123.315] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.png", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.315] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.csv", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.315] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.sql", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.316] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.mdb", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.316] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.sln", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.316] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.php", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.316] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.asp", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.317] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.aspx", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.317] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.html", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.317] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.xml", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.317] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.psd", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.318] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.rar", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.318] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.zip", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.318] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.mp3", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.318] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.exe", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.318] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.PDF", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.319] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.rtf", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.319] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.DT", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.319] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.CF", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.319] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.CFU", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.319] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.mxl", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.320] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.epf", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.320] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.erf", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.320] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.vrp", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.320] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.grs", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.320] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.geo", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.321] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.elf", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.321] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.lgf", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.321] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.lgp", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.321] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.log", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.321] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.st", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.322] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.pff", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.322] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.mft", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.322] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.efd", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.322] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.ini", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.323] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.CFL", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.323] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.cer", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.323] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.backup", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.323] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.7z", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.323] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.tiff", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.324] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.jpeg", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.324] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.accdb", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.324] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.sqlite", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.324] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.dbf", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.324] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*1cd", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.325] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.mdb", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.325] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.cd", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.325] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.cdr", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.325] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.dwg", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.326] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.gif", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.326] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.mp4", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.326] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.avi", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.326] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.mkv", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.327] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.wmv", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.327] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.webmp", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.327] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*.bak", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.327] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*", lpFindFileData=0x29e2b0 | out: lpFindFileData=0x29e2b0) returned 0x1a95fe50 [0123.327] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0123.328] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.txt", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.328] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.doc", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.328] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.docx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.328] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.xls", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.329] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.xlsx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.329] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.ppt", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.329] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.pptx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.330] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.odt", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.330] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.jpg", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.330] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.png", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.csv", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.sql", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.mdb", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.sln", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.php", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.332] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.asp", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.332] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.aspx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.332] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.html", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.333] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.xml", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0x1a95fe50 [0123.333] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0123.333] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x27cf [0123.344] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a4a8c10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x27d0)) returned 1 [0123.344] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml.blackhat")) returned 1 [0123.345] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.psd", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.345] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.rar", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.345] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.zip", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.345] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.mp3", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.345] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.exe", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.346] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.PDF", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.346] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.rtf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.346] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.DT", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.346] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.CF", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.346] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.CFU", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.347] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.mxl", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.347] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.epf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.347] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.erf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.347] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.vrp", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.348] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.grs", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.348] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.geo", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.348] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.elf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.348] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.lgf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.348] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.lgp", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.349] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.log", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.349] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.st", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.349] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.pff", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.349] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.mft", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.349] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.efd", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.350] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.ini", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.350] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.CFL", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.350] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.cer", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.350] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.backup", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.350] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.7z", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.351] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.tiff", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.351] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.jpeg", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.351] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.accdb", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.351] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.sqlite", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.351] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.dbf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.352] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*1cd", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.352] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.mdb", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.352] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.cd", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.352] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.cdr", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.352] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.dwg", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.353] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.gif", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.353] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.mp4", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.353] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.avi", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.353] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.mkv", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.353] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.wmv", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.354] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.webmp", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.354] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*.bak", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0123.354] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x29e200 | out: lpFindFileData=0x29e200) returned 0x1a95fe50 [0123.354] FindClose (in: hFindFile=0x1a95fe50 | out: hFindFile=0x1a95fe50) returned 1 [0123.354] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.txt", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.355] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.doc", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.355] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.docx", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.355] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.xls", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.356] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.xlsx", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.356] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.ppt", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.356] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.pptx", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.odt", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.jpg", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.png", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.csv", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.sql", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.mdb", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.sln", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.php", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.asp", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.aspx", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.359] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.html", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.359] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.xml", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.359] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.psd", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.359] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.rar", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.359] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.zip", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.360] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.mp3", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.360] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*.exe", lpFindFileData=0x29e290 | out: lpFindFileData=0x29e290) returned 0xffffffffffffffff [0123.361] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x54 [0123.365] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9a4f4ed0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x60)) returned 1 [0123.365] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini.blackhat")) returned 1 [0123.625] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x40000 [0123.665] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x29e400 | out: lpFileInformation=0x29e400*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbece4d60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbece4d60, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9a7c88f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x40010)) returned 1 [0123.665] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite.blackhat")) returned 1 [0123.823] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x40b0 [0123.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), fInfoLevelId=0x0, lpFileInformation=0x29e400 | out: lpFileInformation=0x29e400*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83cc0a50, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x83cc0a50, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x9a96b810, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x40c0)) returned 1 [0123.845] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.blackhat")) returned 1 [0123.846] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x40b0 [0123.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), fInfoLevelId=0x0, lpFileInformation=0x29e400 | out: lpFileInformation=0x29e400*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83ce6bb0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x9a991970, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x40c0)) returned 1 [0123.861] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.blackhat")) returned 1 [0123.863] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x1c362 [0123.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), fInfoLevelId=0x0, lpFileInformation=0x29e400 | out: lpFileInformation=0x29e400*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb97ade50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb97ade50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9aa29ef0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1c370)) returned 1 [0123.916] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.blackhat")) returned 1 [0123.980] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x464 [0123.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a2b6d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x9aae85d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x470)) returned 1 [0123.997] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml.blackhat")) returned 1 [0123.998] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x39 [0124.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a9daf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8548e650, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x9ab0e730, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x40)) returned 1 [0124.011] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml.blackhat")) returned 1 [0124.022] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xe7b7 [0124.028] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QjHK-DKWSiBEF 2.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qjhk-dkwsibef 2.doc"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1398e0, ftCreationTime.dwHighDateTime=0x1d45ab3, ftLastAccessTime.dwLowDateTime=0x9017b850, ftLastAccessTime.dwHighDateTime=0x1d46389, ftLastWriteTime.dwLowDateTime=0x9ab34890, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xe7c0)) returned 1 [0124.029] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QjHK-DKWSiBEF 2.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qjhk-dkwsibef 2.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QjHK-DKWSiBEF 2.doc.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qjhk-dkwsibef 2.doc.blackhat")) returned 1 [0124.030] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x1020c [0124.037] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bpAyrcK.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bpayrck.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab0757a0, ftCreationTime.dwHighDateTime=0x1d45b0b, ftLastAccessTime.dwLowDateTime=0x795ab9c0, ftLastAccessTime.dwHighDateTime=0x1d4570c, ftLastWriteTime.dwLowDateTime=0x9ab5a9f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10210)) returned 1 [0124.037] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bpAyrcK.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bpayrck.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bpAyrcK.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bpayrck.jpg.blackhat")) returned 1 [0124.038] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x1374e [0124.045] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jxlvdytN.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jxlvdytn.png"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x166ccec0, ftCreationTime.dwHighDateTime=0x1d45f7c, ftLastAccessTime.dwLowDateTime=0x51d489a0, ftLastAccessTime.dwHighDateTime=0x1d45eb2, ftLastWriteTime.dwLowDateTime=0x9ab5a9f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x13750)) returned 1 [0124.045] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jxlvdytN.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jxlvdytn.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jxlvdytN.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jxlvdytn.png.blackhat")) returned 1 [0124.047] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x108fe [0124.054] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\9FCtt96b-wMfQJSca9.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\9fctt96b-wmfqjsca9.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfd82c1c0, ftCreationTime.dwHighDateTime=0x1d45ce8, ftLastAccessTime.dwLowDateTime=0x8c9484d0, ftLastAccessTime.dwHighDateTime=0x1d45c11, ftLastWriteTime.dwLowDateTime=0x9ab80b50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10900)) returned 1 [0124.055] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\9FCtt96b-wMfQJSca9.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\9fctt96b-wmfqjsca9.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\9FCtt96b-wMfQJSca9.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\9fctt96b-wmfqjsca9.mp3.blackhat")) returned 1 [0124.056] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x128dd [0124.062] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Gm2lS0U7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gm2ls0u7.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c5c9bc0, ftCreationTime.dwHighDateTime=0x1d45ebf, ftLastAccessTime.dwLowDateTime=0x5c60bed0, ftLastAccessTime.dwHighDateTime=0x1d46127, ftLastWriteTime.dwLowDateTime=0x9ab80b50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x128e0)) returned 1 [0124.062] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Gm2lS0U7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gm2ls0u7.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Gm2lS0U7.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gm2ls0u7.mp3.blackhat")) returned 1 [0124.064] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x16fc9 [0124.072] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TVaAl3E5.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tvaal3e5.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2e85d10, ftCreationTime.dwHighDateTime=0x1d45842, ftLastAccessTime.dwLowDateTime=0x34840c70, ftLastAccessTime.dwHighDateTime=0x1d45ca7, ftLastWriteTime.dwLowDateTime=0x9aba6cb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x16fd0)) returned 1 [0124.072] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TVaAl3E5.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tvaal3e5.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TVaAl3E5.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tvaal3e5.mp3.blackhat")) returned 1 [0124.074] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x273f [0124.077] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\m6jeM.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\m6jem.pdf"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8aa3ac10, ftCreationTime.dwHighDateTime=0x1d4643a, ftLastAccessTime.dwLowDateTime=0xd0af30, ftLastAccessTime.dwHighDateTime=0x1d46055, ftLastWriteTime.dwLowDateTime=0x9aba6cb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2740)) returned 1 [0124.078] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\m6jeM.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\m6jem.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\m6jeM.pdf.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\m6jem.pdf.blackhat")) returned 1 [0124.079] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x2c3 [0124.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d0907e0, ftCreationTime.dwHighDateTime=0x1d46685, ftLastAccessTime.dwLowDateTime=0x4d0907e0, ftLastAccessTime.dwHighDateTime=0x1d46685, ftLastWriteTime.dwLowDateTime=0x9abcce10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2d0)) returned 1 [0124.083] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log.blackhat")) returned 1 [0124.098] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x4ab7 [0124.102] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jjKtMBNOiIa1r.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jjktmbnoiia1r.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfc83d7d0, ftCreationTime.dwHighDateTime=0x1d464c9, ftLastAccessTime.dwLowDateTime=0xc86591e0, ftLastAccessTime.dwHighDateTime=0x1d45a20, ftLastWriteTime.dwLowDateTime=0x9abf2f70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x4ac0)) returned 1 [0124.102] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jjKtMBNOiIa1r.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jjktmbnoiia1r.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jjKtMBNOiIa1r.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jjktmbnoiia1r.gif.blackhat")) returned 1 [0124.103] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xd3c0 [0124.109] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Smiwu4O3Y2c5A Ag-g.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\smiwu4o3y2c5a ag-g.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c06a920, ftCreationTime.dwHighDateTime=0x1d45658, ftLastAccessTime.dwLowDateTime=0x5f0ef3f0, ftLastAccessTime.dwHighDateTime=0x1d4602c, ftLastWriteTime.dwLowDateTime=0x9abf2f70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd3d0)) returned 1 [0124.109] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Smiwu4O3Y2c5A Ag-g.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\smiwu4o3y2c5a ag-g.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Smiwu4O3Y2c5A Ag-g.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\smiwu4o3y2c5a ag-g.gif.blackhat")) returned 1 [0124.110] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x10f96 [0124.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tAFgN.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tafgn.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6f539df0, ftCreationTime.dwHighDateTime=0x1d45cf9, ftLastAccessTime.dwLowDateTime=0xba978330, ftLastAccessTime.dwHighDateTime=0x1d45dc1, ftLastWriteTime.dwLowDateTime=0x9ac190d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10fa0)) returned 1 [0124.117] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tAFgN.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tafgn.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tAFgN.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tafgn.gif.blackhat")) returned 1 [0124.118] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x185f4 [0124.127] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\UHfwVb__j.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\uhfwvb__j.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd0713b0, ftCreationTime.dwHighDateTime=0x1d465c4, ftLastAccessTime.dwLowDateTime=0xa9ab1a90, ftLastAccessTime.dwHighDateTime=0x1d460bf, ftLastWriteTime.dwLowDateTime=0x9ac190d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18600)) returned 1 [0124.129] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\UHfwVb__j.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\uhfwvb__j.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\UHfwVb__j.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\uhfwvb__j.gif.blackhat")) returned 1 [0124.130] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x8a8 [0124.134] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\lVRG84hbvN0nB0N.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\lvrg84hbvn0nb0n.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe3c0b9c0, ftCreationTime.dwHighDateTime=0x1d461f4, ftLastAccessTime.dwLowDateTime=0x18fc5110, ftLastAccessTime.dwHighDateTime=0x1d45a8b, ftLastWriteTime.dwLowDateTime=0x9ac3f230, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x8b0)) returned 1 [0124.134] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\lVRG84hbvN0nB0N.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\lvrg84hbvn0nb0n.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\lVRG84hbvN0nB0N.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\lvrg84hbvn0nb0n.mp4.blackhat")) returned 1 [0124.135] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x14a69 [0124.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\C9MwnbENWA-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\c9mwnbenwa-.avi"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf788f520, ftCreationTime.dwHighDateTime=0x1d45782, ftLastAccessTime.dwLowDateTime=0x1ce56dd0, ftLastAccessTime.dwHighDateTime=0x1d465de, ftLastWriteTime.dwLowDateTime=0x9ac3f230, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x14a70)) returned 1 [0124.142] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\C9MwnbENWA-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\c9mwnbenwa-.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\C9MwnbENWA-.avi.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\c9mwnbenwa-.avi.blackhat")) returned 1 [0124.144] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xe482 [0124.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\hT5c7QAf_x4RLlcdty.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ht5c7qaf_x4rllcdty.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe26a5b10, ftCreationTime.dwHighDateTime=0x1d45aad, ftLastAccessTime.dwLowDateTime=0x3ef2220, ftLastAccessTime.dwHighDateTime=0x1d464c7, ftLastWriteTime.dwLowDateTime=0x9ac65390, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xe490)) returned 1 [0124.150] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\hT5c7QAf_x4RLlcdty.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ht5c7qaf_x4rllcdty.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\hT5c7QAf_x4RLlcdty.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ht5c7qaf_x4rllcdty.mkv.blackhat")) returned 1 [0124.151] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x15e1f [0124.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\i5x2JHXokzey.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\i5x2jhxokzey.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0e12530, ftCreationTime.dwHighDateTime=0x1d46655, ftLastAccessTime.dwLowDateTime=0xedea9920, ftLastAccessTime.dwHighDateTime=0x1d45af1, ftLastWriteTime.dwLowDateTime=0x9acb1650, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x15e20)) returned 1 [0124.184] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\i5x2JHXokzey.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\i5x2jhxokzey.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\i5x2JHXokzey.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\i5x2jhxokzey.mkv.blackhat")) returned 1 [0124.185] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x15012 [0124.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\t-tlG1x6m2mD.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\t-tlg1x6m2md.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb87068b0, ftCreationTime.dwHighDateTime=0x1d45a38, ftLastAccessTime.dwLowDateTime=0xb3862f40, ftLastAccessTime.dwHighDateTime=0x1d45d41, ftLastWriteTime.dwLowDateTime=0x9acd77b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x15020)) returned 1 [0124.194] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\t-tlG1x6m2mD.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\t-tlg1x6m2md.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\t-tlG1x6m2mD.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\t-tlg1x6m2md.mkv.blackhat")) returned 1 [0124.204] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x91 [0124.214] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x43 [0124.222] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0124.229] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0124.236] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0124.252] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0124.273] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x10324 [0124.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\~nsu.tmp\\Au_.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\~nsu.tmp\\au_.exe"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e428590, ftCreationTime.dwHighDateTime=0x1d486f4, ftLastAccessTime.dwLowDateTime=0x7e428590, ftLastAccessTime.dwHighDateTime=0x1d486f4, ftLastWriteTime.dwLowDateTime=0x9ad95e90, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10330)) returned 1 [0124.281] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\~nsu.tmp\\Au_.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\~nsu.tmp\\au_.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\~nsu.tmp\\Au_.exe.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\~nsu.tmp\\au_.exe.blackhat")) returned 1 [0124.362] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0xa5ff [0124.368] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd9b6a040, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9b6a040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9ae7a6d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa600)) returned 1 [0124.368] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip.blackhat")) returned 1 [0124.674] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xd [0124.677] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b05050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9b174250, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0124.677] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml.blackhat")) returned 1 [0124.691] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xd [0124.695] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605dd8a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9b19a3b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0124.696] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml.blackhat")) returned 1 [0124.706] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x344 [0124.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9b1c0510, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x350)) returned 1 [0124.719] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml.blackhat")) returned 1 [0124.766] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x6081 [0124.829] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LPJQY2wzs5s7ujKjyT.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lpjqy2wzs5s7ujkjyt.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x18ade6b0, ftCreationTime.dwHighDateTime=0x1d45fe0, ftLastAccessTime.dwLowDateTime=0x751fce60, ftLastAccessTime.dwHighDateTime=0x1d459ad, ftLastWriteTime.dwLowDateTime=0x9b2caeb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6090)) returned 1 [0124.829] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LPJQY2wzs5s7ujKjyT.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lpjqy2wzs5s7ujkjyt.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LPJQY2wzs5s7ujKjyT.xlsx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lpjqy2wzs5s7ujkjyt.xlsx.blackhat")) returned 1 [0124.830] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x129ca [0124.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mc QLA3GJobMC4lz.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mc qla3gjobmc4lz.pptx"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5b79c20, ftCreationTime.dwHighDateTime=0x1d45fdc, ftLastAccessTime.dwLowDateTime=0x9f8cc9c0, ftLastAccessTime.dwHighDateTime=0x1d45e47, ftLastWriteTime.dwLowDateTime=0x9b317170, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x129d0)) returned 1 [0124.846] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mc QLA3GJobMC4lz.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mc qla3gjobmc4lz.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mc QLA3GJobMC4lz.pptx.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mc qla3gjobmc4lz.pptx.blackhat")) returned 1 [0124.847] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x96b2 [0124.853] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Zvo8zX52WI3Wn.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zvo8zx52wi3wn.ppt"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33289bd0, ftCreationTime.dwHighDateTime=0x1d45b8e, ftLastAccessTime.dwLowDateTime=0xbe35d710, ftLastAccessTime.dwHighDateTime=0x1d45daa, ftLastWriteTime.dwLowDateTime=0x9b317170, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x96c0)) returned 1 [0124.853] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Zvo8zX52WI3Wn.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zvo8zx52wi3wn.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Zvo8zX52WI3Wn.ppt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zvo8zx52wi3wn.ppt.blackhat")) returned 1 [0124.854] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x7135 [0124.860] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EW3cyJraogZLzgH.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ew3cyjraogzlzgh.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c1cbf80, ftCreationTime.dwHighDateTime=0x1d45ed9, ftLastAccessTime.dwLowDateTime=0xc2bd7400, ftLastAccessTime.dwHighDateTime=0x1d4665b, ftLastWriteTime.dwLowDateTime=0x9b317170, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7140)) returned 1 [0124.860] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EW3cyJraogZLzgH.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ew3cyjraogzlzgh.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EW3cyJraogZLzgH.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ew3cyjraogzlzgh.jpg.blackhat")) returned 1 [0124.861] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xa1d7 [0124.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\r6YRZQKMsCAF0H8ZB-.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\r6yrzqkmscaf0h8zb-.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdfb4390, ftCreationTime.dwHighDateTime=0x1d46393, ftLastAccessTime.dwLowDateTime=0x7b9ba860, ftLastAccessTime.dwHighDateTime=0x1d45825, ftLastWriteTime.dwLowDateTime=0x9b33d2d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa1e0)) returned 1 [0124.866] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\r6YRZQKMsCAF0H8ZB-.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\r6yrzqkmscaf0h8zb-.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\r6YRZQKMsCAF0H8ZB-.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\r6yrzqkmscaf0h8zb-.jpg.blackhat")) returned 1 [0124.868] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x10eb9 [0124.874] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VxEZEyGf3x.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vxezeygf3x.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66702440, ftCreationTime.dwHighDateTime=0x1d463db, ftLastAccessTime.dwLowDateTime=0xb0226bc0, ftLastAccessTime.dwHighDateTime=0x1d4606b, ftLastWriteTime.dwLowDateTime=0x9b33d2d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10ec0)) returned 1 [0124.877] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VxEZEyGf3x.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vxezeygf3x.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VxEZEyGf3x.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vxezeygf3x.jpg.blackhat")) returned 1 [0124.878] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xb24a [0124.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\17oWwaHjx52n1h.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\17owwahjx52n1h.png"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1aad8b20, ftCreationTime.dwHighDateTime=0x1d463ad, ftLastAccessTime.dwLowDateTime=0xfc183720, ftLastAccessTime.dwHighDateTime=0x1d460cb, ftLastWriteTime.dwLowDateTime=0x9b363430, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb250)) returned 1 [0124.884] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\17oWwaHjx52n1h.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\17owwahjx52n1h.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\17oWwaHjx52n1h.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\17owwahjx52n1h.png.blackhat")) returned 1 [0124.886] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xd519 [0124.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PgOfk9-TAig4g43kH9I.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pgofk9-taig4g43kh9i.png"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfdb14840, ftCreationTime.dwHighDateTime=0x1d45c9a, ftLastAccessTime.dwLowDateTime=0x1084f500, ftLastAccessTime.dwHighDateTime=0x1d46341, ftLastWriteTime.dwLowDateTime=0x9b389590, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd520)) returned 1 [0124.895] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PgOfk9-TAig4g43kH9I.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pgofk9-taig4g43kh9i.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PgOfk9-TAig4g43kH9I.png.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pgofk9-taig4g43kh9i.png.blackhat")) returned 1 [0124.897] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x11ce6 [0124.910] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6rMnOQ7B3loUEH IoW.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6rmnoq7b3loueh iow.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc04d08d0, ftCreationTime.dwHighDateTime=0x1d4587c, ftLastAccessTime.dwLowDateTime=0x27b83fe0, ftLastAccessTime.dwHighDateTime=0x1d46498, ftLastWriteTime.dwLowDateTime=0x9b3af6f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x11cf0)) returned 1 [0124.910] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6rMnOQ7B3loUEH IoW.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6rmnoq7b3loueh iow.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6rMnOQ7B3loUEH IoW.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6rmnoq7b3loueh iow.mp3.blackhat")) returned 1 [0124.912] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x166a4 [0124.928] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zlnpRyxT81-4oIv2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zlnpryxt81-4oiv2.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20554db0, ftCreationTime.dwHighDateTime=0x1d45cbe, ftLastAccessTime.dwLowDateTime=0x54d07cb0, ftLastAccessTime.dwHighDateTime=0x1d46522, ftLastWriteTime.dwLowDateTime=0x9b3d5850, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x166b0)) returned 1 [0124.928] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zlnpRyxT81-4oIv2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zlnpryxt81-4oiv2.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zlnpRyxT81-4oIv2.mp3.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zlnpryxt81-4oiv2.mp3.blackhat")) returned 1 [0124.929] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x1756c [0124.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CG_C.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cg_c.rtf"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xba6ff480, ftCreationTime.dwHighDateTime=0x1d45a80, ftLastAccessTime.dwLowDateTime=0x4384cfe0, ftLastAccessTime.dwHighDateTime=0x1d463a8, ftLastWriteTime.dwLowDateTime=0x9b3fb9b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x17570)) returned 1 [0124.939] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CG_C.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cg_c.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CG_C.rtf.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cg_c.rtf.blackhat")) returned 1 [0124.942] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x16ccf [0124.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1vVI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\1vvi.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28a2c360, ftCreationTime.dwHighDateTime=0x1d461d9, ftLastAccessTime.dwLowDateTime=0x4bdcd2d0, ftLastAccessTime.dwHighDateTime=0x1d45a9f, ftLastWriteTime.dwLowDateTime=0x9b3fb9b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x16cd0)) returned 1 [0124.953] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1vVI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\1vvi.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1vVI.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\1vvi.gif.blackhat")) returned 1 [0124.954] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x10c08 [0124.962] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Fs-4VNzsNu4.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fs-4vnzsnu4.gif"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc189cc0, ftCreationTime.dwHighDateTime=0x1d45eb8, ftLastAccessTime.dwLowDateTime=0xc85ebd90, ftLastAccessTime.dwHighDateTime=0x1d46243, ftLastWriteTime.dwLowDateTime=0x9b421b10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10c10)) returned 1 [0124.963] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Fs-4VNzsNu4.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fs-4vnzsnu4.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Fs-4VNzsNu4.gif.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fs-4vnzsnu4.gif.blackhat")) returned 1 [0124.964] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x8bbd [0124.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\IeZed0Mx-O AcN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\iezed0mx-o acn.mp4"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x926182f0, ftCreationTime.dwHighDateTime=0x1d45b12, ftLastAccessTime.dwLowDateTime=0x5e5f1d90, ftLastAccessTime.dwHighDateTime=0x1d4607c, ftLastWriteTime.dwLowDateTime=0x9b421b10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x8bc0)) returned 1 [0124.970] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\IeZed0Mx-O AcN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\iezed0mx-o acn.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\IeZed0Mx-O AcN.mp4.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\iezed0mx-o acn.mp4.blackhat")) returned 1 [0124.971] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xcded [0124.976] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3QUeC6JMrQ Lr9_mZO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\3quec6jmrq lr9_mzo.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x17aea870, ftCreationTime.dwHighDateTime=0x1d4608b, ftLastAccessTime.dwLowDateTime=0x78386f70, ftLastAccessTime.dwHighDateTime=0x1d46205, ftLastWriteTime.dwLowDateTime=0x9b447c70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xcdf0)) returned 1 [0124.977] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3QUeC6JMrQ Lr9_mZO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\3quec6jmrq lr9_mzo.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3QUeC6JMrQ Lr9_mZO.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\3quec6jmrq lr9_mzo.mkv.blackhat")) returned 1 [0124.982] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x18b7a [0124.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\e2NgFmC4r.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\e2ngfmc4r.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4744760, ftCreationTime.dwHighDateTime=0x1d463cc, ftLastAccessTime.dwLowDateTime=0xc6f302d0, ftLastAccessTime.dwHighDateTime=0x1d46136, ftLastWriteTime.dwLowDateTime=0x9b46ddd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18b80)) returned 1 [0124.999] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\e2NgFmC4r.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\e2ngfmc4r.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\e2NgFmC4r.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\e2ngfmc4r.mkv.blackhat")) returned 1 [0125.002] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xab07 [0125.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jqt_irtLYXp5f.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jqt_irtlyxp5f.mkv"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfb511b0, ftCreationTime.dwHighDateTime=0x1d46308, ftLastAccessTime.dwLowDateTime=0xb4decc20, ftLastAccessTime.dwHighDateTime=0x1d45f8b, ftLastWriteTime.dwLowDateTime=0x9b493f30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xab10)) returned 1 [0125.011] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jqt_irtLYXp5f.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jqt_irtlyxp5f.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jqt_irtLYXp5f.mkv.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jqt_irtlyxp5f.mkv.blackhat")) returned 1 [0125.336] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0xdd [0125.346] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x19c [0125.398] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x9a2 [0125.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x9b8722f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9b0)) returned 1 [0125.410] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml.blackhat")) returned 1 [0125.555] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0xa8 [0125.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9b9c8f50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb0)) returned 1 [0125.558] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml.blackhat")) returned 1 [0125.583] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x53 [0125.586] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1c3625f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1c3625f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x9ba15210, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x60)) returned 1 [0125.586] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.blackhat")) returned 1 [0125.588] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x227 [0125.592] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d72bcd0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e6a4bd0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x9ba15210, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x230)) returned 1 [0125.592] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.blackhat")) returned 1 [0125.603] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0xf1 [0125.606] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d8f4d50, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x9ba3b370, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x100)) returned 1 [0125.606] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.blackhat")) returned 1 [0125.607] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x6f [0125.612] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e658910, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x9ba614d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70)) returned 1 [0125.612] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.blackhat")) returned 1 [0125.614] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x6e [0125.617] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x9ba614d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70)) returned 1 [0125.617] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.blackhat")) returned 1 [0125.619] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x114 [0125.622] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86af2d0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x9ba614d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x120)) returned 1 [0125.622] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.blackhat")) returned 1 [0125.624] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x56 [0125.627] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x9ba87630, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x60)) returned 1 [0125.627] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.blackhat")) returned 1 [0125.630] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x19e [0125.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e5e64f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e5e64f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x9ba87630, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0125.633] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.blackhat")) returned 1 [0125.646] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x66 [0125.649] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44eb6480, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44eb6480, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9baad790, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70)) returned 1 [0125.649] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.blackhat")) returned 1 [0125.651] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x66 [0125.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bd95f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bd95f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9baad790, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70)) returned 1 [0125.654] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.blackhat")) returned 1 [0125.656] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x5d [0125.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x9bad38f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x60)) returned 1 [0125.659] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.blackhat")) returned 1 [0125.661] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xea [0125.664] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2a0770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7d5790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x9bad38f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xf0)) returned 1 [0125.664] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt.blackhat")) returned 1 [0125.666] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x242 [0125.677] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe5d5130, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0x45f08810, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9baf9a50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x250)) returned 1 [0125.677] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.blackhat")) returned 1 [0125.679] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x65 [0125.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9baf9a50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70)) returned 1 [0125.682] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.blackhat")) returned 1 [0125.683] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x52 [0125.686] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53c70990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53c70990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9baf9a50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x60)) returned 1 [0125.686] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.blackhat")) returned 1 [0125.688] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x125 [0125.691] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x517fd8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51332930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9bb1fbb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x130)) returned 1 [0125.691] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.blackhat")) returned 1 [0125.692] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xdd [0125.695] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54cce0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54cce0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9bb1fbb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0125.695] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.blackhat")) returned 1 [0125.696] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x201 [0125.699] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4611db50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4611db50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9bb1fbb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x210)) returned 1 [0125.699] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.blackhat")) returned 1 [0125.701] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x1ea [0125.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x534b4210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x562c6900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9bb45d10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1f0)) returned 1 [0125.704] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt.blackhat")) returned 1 [0125.705] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x1c8 [0125.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9bb45d10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1d0)) returned 1 [0125.708] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.blackhat")) returned 1 [0125.710] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x82 [0125.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdf95770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdf95770, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x9bb45d10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x90)) returned 1 [0125.712] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.blackhat")) returned 1 [0125.714] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x110 [0125.716] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6301df20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63a15b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9bb45d10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x120)) returned 1 [0125.717] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.blackhat")) returned 1 [0125.718] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x256 [0125.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61093ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61093ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9bb91fd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x260)) returned 1 [0125.743] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt.blackhat")) returned 1 [0125.747] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xc4 [0125.750] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x610b9d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9bb91fd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd0)) returned 1 [0125.750] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt.blackhat")) returned 1 [0125.751] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x21f [0125.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e777a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64e777a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9bbb8130, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x220)) returned 1 [0125.754] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt.blackhat")) returned 1 [0125.755] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x110 [0125.758] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x465ba5f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x465ba5f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9bbb8130, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x120)) returned 1 [0125.759] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.blackhat")) returned 1 [0125.760] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x76 [0125.763] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfa5cef0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfa5cef0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x9bbb8130, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x80)) returned 1 [0125.763] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.blackhat")) returned 1 [0125.764] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x337 [0125.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50b50050, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50b50050, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9bbde290, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x340)) returned 1 [0125.768] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt.blackhat")) returned 1 [0125.770] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xce [0125.773] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5348e0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5348e0b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9bbde290, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd0)) returned 1 [0125.773] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.blackhat")) returned 1 [0125.774] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x6c [0125.776] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x9bbde290, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70)) returned 1 [0125.777] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.blackhat")) returned 1 [0125.778] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x68 [0125.780] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf99e810, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf99e810, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x9bbde290, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70)) returned 1 [0125.780] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.blackhat")) returned 1 [0125.782] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xb2 [0125.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf54e030, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf54e030, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x9bc043f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xc0)) returned 1 [0125.785] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.blackhat")) returned 1 [0125.786] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xd7 [0125.789] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x555a9a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x555a9a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9bc043f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0125.789] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.blackhat")) returned 1 [0125.792] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xa9 [0125.795] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9bc043f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb0)) returned 1 [0125.795] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.blackhat")) returned 1 [0125.796] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x402 [0125.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4523d1d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x526fc010, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x9bc506b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x410)) returned 1 [0125.815] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.blackhat")) returned 1 [0125.835] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x112 [0125.852] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x1b0 [0126.014] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x22e [0126.019] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0xae [0126.024] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x1dc [0126.029] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x2a6 [0126.035] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2c0 [0126.040] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2e2 [0126.047] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0xae [0126.052] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x13e [0126.063] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0xae [0126.070] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x9cfab [0126.104] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9befdf70, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9cfb0)) returned 1 [0126.104] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.blackhat")) returned 1 [0126.124] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x6f [0126.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9bf4a230, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70)) returned 1 [0126.128] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.blackhat")) returned 1 [0126.164] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x38000 [0126.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5e8ce50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5e8ce50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9bfbc650, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x38010)) returned 1 [0126.177] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite.blackhat")) returned 1 [0126.179] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x80000 [0126.217] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5ad4bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5ad4bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9c008910, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x80010)) returned 1 [0126.217] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite.blackhat")) returned 1 [0126.218] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x18000 [0126.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc374ed0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbc374ed0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9c07ad30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18010)) returned 1 [0126.250] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite.blackhat")) returned 1 [0126.251] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x70000 [0126.296] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb45b48b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb45b48b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9c0c6ff0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x70010)) returned 1 [0126.296] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite.blackhat")) returned 1 [0126.297] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x10000 [0126.338] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9c139410, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10010)) returned 1 [0126.338] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite.blackhat")) returned 1 [0126.340] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xa00000 [0126.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.232] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9c9da3d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa00010)) returned 1 [0127.232] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite.blackhat")) returned 1 [0127.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.234] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x50000 [0127.235] ReadFile (in: hFile=0x258, lpBuffer=0x12199978, nNumberOfBytesToRead=0x50000, lpNumberOfBytesRead=0x29e398, lpOverlapped=0x0 | out: lpBuffer=0x12199978*, lpNumberOfBytesRead=0x29e398*=0x50000, lpOverlapped=0x0) returned 1 [0127.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.271] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9ca26690, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x50010)) returned 1 [0127.271] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite.blackhat")) returned 1 [0127.272] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.273] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x18000 [0127.273] ReadFile (in: hFile=0x258, lpBuffer=0x122399f8, nNumberOfBytesToRead=0x18000, lpNumberOfBytesRead=0x29e398, lpOverlapped=0x0 | out: lpBuffer=0x122399f8*, lpNumberOfBytesRead=0x29e398*=0x18000, lpOverlapped=0x0) returned 1 [0127.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.296] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9ca72950, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18010)) returned 1 [0127.296] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite.blackhat")) returned 1 [0127.300] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e180 | out: lpFindFileData=0x29e180) returned 0 [0127.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.301] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x39 [0127.301] ReadFile (in: hFile=0x258, lpBuffer=0x21bd360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e398, lpOverlapped=0x0 | out: lpBuffer=0x21bd360*, lpNumberOfBytesRead=0x29e398*=0x39, lpOverlapped=0x0) returned 1 [0127.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.304] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9ca72950, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x40)) returned 1 [0127.304] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log.blackhat")) returned 1 [0127.305] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e180 | out: lpFindFileData=0x29e180) returned 1 [0127.306] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e180 | out: lpFindFileData=0x29e180) returned 0 [0127.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.306] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xce [0127.306] ReadFile (in: hFile=0x258, lpBuffer=0x21c4198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e398, lpOverlapped=0x0 | out: lpBuffer=0x21c4198*, lpNumberOfBytesRead=0x29e398*=0xce, lpOverlapped=0x0) returned 1 [0127.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.309] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9ca72950, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd0)) returned 1 [0127.309] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini.blackhat")) returned 1 [0127.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.318] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x8d [0127.318] ReadFile (in: hFile=0x258, lpBuffer=0x21c70c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e398, lpOverlapped=0x0 | out: lpBuffer=0x21c70c0*, lpNumberOfBytesRead=0x29e398*=0x8d, lpOverlapped=0x0) returned 1 [0127.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.321] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4b81e50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4b81e50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9ca98ab0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x90)) returned 1 [0127.321] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini.blackhat")) returned 1 [0127.322] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e180 | out: lpFindFileData=0x29e180) returned 0 [0127.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.323] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x3d6 [0127.323] ReadFile (in: hFile=0x258, lpBuffer=0x21dbad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e398, lpOverlapped=0x0 | out: lpBuffer=0x21dbad8*, lpNumberOfBytesRead=0x29e398*=0x3d6, lpOverlapped=0x0) returned 1 [0127.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.339] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc3787480, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9cabec10, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3e0)) returned 1 [0127.339] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak.blackhat")) returned 1 [0127.339] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.339] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.339] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.339] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 1 [0127.340] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e1a0 | out: lpFindFileData=0x29e1a0) returned 0 [0127.430] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 1 [0127.430] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 1 [0127.430] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 1 [0127.430] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 0 [0127.433] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 1 [0127.433] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 1 [0127.433] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 0 [0127.435] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e040 | out: lpFindFileData=0x29e040) returned 1 [0127.435] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e040 | out: lpFindFileData=0x29e040) returned 1 [0127.435] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e040 | out: lpFindFileData=0x29e040) returned 1 [0127.435] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e040 | out: lpFindFileData=0x29e040) returned 0 [0127.450] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29df70 | out: lpFindFileData=0x29df70) returned 0 [0127.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0127.452] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0xa0000 [0127.454] ReadFile (in: hFile=0x258, lpBuffer=0x12269a78, nNumberOfBytesToRead=0xa0000, lpNumberOfBytesRead=0x29e188, lpOverlapped=0x0 | out: lpBuffer=0x12269a78*, lpNumberOfBytesRead=0x29e188*=0xa0000, lpOverlapped=0x0) returned 1 [0128.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0128.630] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x29e2a0 | out: lpFileInformation=0x29e2a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9ccd3f50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xa0010)) returned 1 [0128.630] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.BlackHat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.blackhat")) returned 1 [0128.632] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29df90 | out: lpFindFileData=0x29df90) returned 1 [0128.633] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29df90 | out: lpFindFileData=0x29df90) returned 1 [0128.633] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29df90 | out: lpFindFileData=0x29df90) returned 1 [0128.633] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29df90 | out: lpFindFileData=0x29df90) returned 0 [0128.635] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29dee0 | out: lpFindFileData=0x29dee0) returned 1 [0128.635] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29dee0 | out: lpFindFileData=0x29dee0) returned 0 [0128.637] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 1 [0128.637] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 0 [0128.639] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 1 [0128.639] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 1 [0128.639] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e0f0 | out: lpFindFileData=0x29e0f0) returned 0 [0128.644] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0128.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0128.644] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x19c [0128.645] ReadFile (in: hFile=0x258, lpBuffer=0x237bd40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x237bd40*, lpNumberOfBytesRead=0x29e708*=0x19c, lpOverlapped=0x0) returned 1 [0128.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.650] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.650] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.650] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.651] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.651] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.651] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.651] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.651] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.651] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0128.656] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0128.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sf.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0128.656] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x34800 [0128.657] ReadFile (in: hFile=0x258, lpBuffer=0x123a9af8, nNumberOfBytesToRead=0x34800, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x123a9af8*, lpNumberOfBytesRead=0x29e708*=0x34800, lpOverlapped=0x0) returned 1 [0128.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sf.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.665] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0128.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0128.665] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x11a [0128.665] ReadFile (in: hFile=0x258, lpBuffer=0x21c6120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x21c6120*, lpNumberOfBytesRead=0x29e708*=0x11a, lpOverlapped=0x0) returned 1 [0128.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.671] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0128.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0128.675] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0128.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0128.675] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x192 [0128.675] ReadFile (in: hFile=0x258, lpBuffer=0x2214ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x2214ef0*, lpNumberOfBytesRead=0x29e708*=0x192, lpOverlapped=0x0) returned 1 [0128.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.679] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.680] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.680] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.680] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.680] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.680] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.680] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.680] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.680] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0128.681] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.681] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.681] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.681] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.681] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.681] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0128.683] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.683] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.683] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.683] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 0 [0128.685] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.685] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.685] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.685] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.685] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.685] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.685] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.685] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.685] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.686] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 0 [0128.687] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0128.688] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0128.688] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0128.688] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0128.688] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0128.688] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0128.688] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 0 [0128.695] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0128.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0128.696] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xd8 [0128.696] ReadFile (in: hFile=0x258, lpBuffer=0x22efaa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x22efaa8*, lpNumberOfBytesRead=0x29e658*=0xd8, lpOverlapped=0x0) returned 1 [0128.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.700] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.700] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.700] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.700] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.700] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0128.702] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.702] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.702] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 0 [0128.707] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.707] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.707] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0128.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0128.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0128.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 0 [0128.714] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0128.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0128.715] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x11a [0128.715] ReadFile (in: hFile=0x258, lpBuffer=0x21b8150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x21b8150*, lpNumberOfBytesRead=0x29e708*=0x11a, lpOverlapped=0x0) returned 1 [0128.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.718] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.718] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.718] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0128.720] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0128.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0128.720] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x192 [0128.720] ReadFile (in: hFile=0x258, lpBuffer=0x21dc6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x21dc6a8*, lpNumberOfBytesRead=0x29e708*=0x192, lpOverlapped=0x0) returned 1 [0128.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.723] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.723] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.723] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.724] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.724] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.724] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0128.724] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0128.725] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e440 | out: lpFindFileData=0x29e440) returned 0 [0128.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0128.725] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x50 [0128.725] ReadFile (in: hFile=0x258, lpBuffer=0x22022a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e658, lpOverlapped=0x0 | out: lpBuffer=0x22022a8*, lpNumberOfBytesRead=0x29e658*=0x50, lpOverlapped=0x0) returned 1 [0128.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.728] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.728] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.729] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.729] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.729] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0128.934] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.934] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.934] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.934] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.934] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.934] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0128.934] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0129.558] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.559] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.559] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.559] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.559] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.559] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.559] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.559] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0129.654] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.654] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.654] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.654] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.654] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.654] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0129.655] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0129.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0129.656] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x244 [0129.656] ReadFile (in: hFile=0x258, lpBuffer=0x229aea8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x229aea8*, lpNumberOfBytesRead=0x29e708*=0x244, lpOverlapped=0x0) returned 1 [0129.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0129.659] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.659] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.659] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.659] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.659] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.659] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0129.664] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0129.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0129.664] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x1f8 [0129.664] ReadFile (in: hFile=0x258, lpBuffer=0x22c0588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x22c0588*, lpNumberOfBytesRead=0x29e708*=0x1f8, lpOverlapped=0x0) returned 1 [0129.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0129.668] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.668] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.668] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.668] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.668] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.668] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.668] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.668] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.668] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.668] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0129.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.673] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 0 [0129.675] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.675] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.675] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.675] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 0 [0129.677] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.677] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.677] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.677] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.677] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.677] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0129.688] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0129.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0129.689] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x1f8 [0129.689] ReadFile (in: hFile=0x258, lpBuffer=0x237f2e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x237f2e8*, lpNumberOfBytesRead=0x29e708*=0x1f8, lpOverlapped=0x0) returned 1 [0129.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0129.693] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.693] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.693] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.693] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.693] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.693] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.694] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.694] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.694] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.694] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.694] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.694] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.694] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0129.701] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.701] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.701] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.701] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.701] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.701] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.701] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.701] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.701] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0129.702] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.703] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.703] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.703] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.703] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.703] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.703] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0129.704] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.704] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.704] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.704] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.704] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.704] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.704] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.704] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.705] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0129.706] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.706] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.706] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.706] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.706] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.706] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.706] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 0 [0129.708] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.708] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.708] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.708] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.708] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 0 [0129.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.709] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 0 [0129.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.711] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0129.719] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0129.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0129.719] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x11a [0129.719] ReadFile (in: hFile=0x258, lpBuffer=0x22ca140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x22ca140*, lpNumberOfBytesRead=0x29e708*=0x11a, lpOverlapped=0x0) returned 1 [0129.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0129.723] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.723] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.723] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0129.724] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0129.724] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0129.724] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x20c [0129.724] ReadFile (in: hFile=0x258, lpBuffer=0x22ee5f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x22ee5f8*, lpNumberOfBytesRead=0x29e708*=0x20c, lpOverlapped=0x0) returned 1 [0129.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0129.727] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.727] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.727] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.727] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.727] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0129.739] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0129.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0129.739] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x1f8 [0129.739] ReadFile (in: hFile=0x258, lpBuffer=0x2317c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x2317c88*, lpNumberOfBytesRead=0x29e708*=0x1f8, lpOverlapped=0x0) returned 1 [0129.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0129.742] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.743] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.743] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.743] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.743] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.743] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.743] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0129.744] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.744] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.745] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.745] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.745] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.745] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.745] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.745] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.745] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.745] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.745] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0129.745] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0129.746] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.746] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.746] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.747] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.747] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.747] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.747] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.747] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.747] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0129.747] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 0 [0129.748] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.748] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.748] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.748] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.748] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.748] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.749] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 0 [0129.752] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.752] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.752] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.753] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.753] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.753] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.753] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 0 [0129.754] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.754] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.754] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.754] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.754] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0129.754] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 0 [0129.755] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 1 [0129.755] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0129.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0129.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0129.759] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0129.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0129.759] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x14 [0129.759] ReadFile (in: hFile=0x258, lpBuffer=0x2205b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x2205b20*, lpNumberOfBytesRead=0x29e7b8*=0x14, lpOverlapped=0x0) returned 1 [0129.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0129.763] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0129.763] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0129.763] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0129.763] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0129.763] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0129.763] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0129.763] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0 [0129.764] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e4f0 | out: lpFindFileData=0x29e4f0) returned 0 [0129.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0129.764] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x50 [0129.764] ReadFile (in: hFile=0x258, lpBuffer=0x222a578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e708, lpOverlapped=0x0 | out: lpBuffer=0x222a578*, lpNumberOfBytesRead=0x29e708*=0x50, lpOverlapped=0x0) returned 1 [0129.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0129.767] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.767] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.767] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.767] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.767] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0129.843] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.843] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.843] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.843] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.843] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.843] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.843] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0129.920] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.920] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.920] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.921] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.921] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.921] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.921] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0129.921] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0130.000] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0130.000] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0130.000] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0130.000] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0130.001] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0130.001] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0130.002] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5a0 | out: lpFindFileData=0x29e5a0) returned 0 [0130.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0130.002] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0x192 [0130.002] ReadFile (in: hFile=0x258, lpBuffer=0x22c3d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7b8, lpOverlapped=0x0 | out: lpBuffer=0x22c3d40*, lpNumberOfBytesRead=0x29e7b8*=0x192, lpOverlapped=0x0) returned 1 [0130.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 1 [0130.005] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0 [0130.007] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0130.007] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0130.007] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 1 [0130.007] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e510 | out: lpFindFileData=0x29e510) returned 0 [0130.009] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0130.009] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0130.009] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 0 [0130.011] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0130.011] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 1 [0130.011] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e3b0 | out: lpFindFileData=0x29e3b0) returned 0 [0130.014] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0130.014] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 1 [0130.014] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e300 | out: lpFindFileData=0x29e300) returned 0 [0130.015] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e250 | out: lpFindFileData=0x29e250) returned 1 [0130.015] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e250 | out: lpFindFileData=0x29e250) returned 1 [0130.015] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e250 | out: lpFindFileData=0x29e250) returned 0 [0130.017] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e460 | out: lpFindFileData=0x29e460) returned 1 [0130.421] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x1fad1 [0130.614] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0xadc8 [0130.642] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x70c1 [0130.841] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x99d3 [0130.869] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0xb61 [0130.877] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x1fad1 [0130.937] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x70c1 [0130.988] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x769 [0131.027] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x536 [0131.031] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x3473 [0131.048] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x536 [0131.085] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x2c64 [0131.113] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x5e8 [0131.668] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x100000 [0131.811] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.log"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x295a0600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x295a0600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x9e66abd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x100010)) returned 1 [0131.812] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.log"), lpNewFileName="C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log.BlackHat" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.log.blackhat")) returned 1 [0132.151] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x41f0 [0132.314] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9c91380, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xd9c91380, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x9eae1510, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x4200)) returned 1 [0132.314] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html"), lpNewFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html.BlackHat" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html.blackhat")) returned 1 [0132.317] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x7122 [0132.350] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9bd2ca0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xd9bd2ca0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x9eb53930, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x7130)) returned 1 [0132.351] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml"), lpNewFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml.BlackHat" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml.blackhat")) returned 1 [0132.352] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x5600 [0132.443] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e53620, ftCreationTime.dwHighDateTime=0x1d305f5, ftLastAccessTime.dwLowDateTime=0x80e53620, ftLastAccessTime.dwHighDateTime=0x1d305f5, ftLastWriteTime.dwLowDateTime=0x9ec38170, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x5610)) returned 1 [0132.443] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml"), lpNewFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml.BlackHat" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml.blackhat")) returned 1 [0132.445] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x5600 [0132.452] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9b145c0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xd9b145c0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x9ec38170, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x5610)) returned 1 [0132.452] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml"), lpNewFileName="C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml.BlackHat" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml.blackhat")) returned 1 [0132.525] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x264 [0132.536] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x1ba [0132.540] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x46a [0132.545] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x73e [0132.549] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x172 [0132.554] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x53a [0132.560] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x157 [0132.565] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xd8 [0132.571] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x7a6 [0132.579] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x208 [0132.685] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x25e [0132.870] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0xae [0132.901] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x2 [0132.903] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb9820270, ftCreationTime.dwHighDateTime=0x1d2faf0, ftLastAccessTime.dwLowDateTime=0xb9820270, ftLastAccessTime.dwHighDateTime=0x1d2faf0, ftLastWriteTime.dwLowDateTime=0x9f088950, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0132.903] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log"), lpNewFileName="C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.BlackHat" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log.blackhat")) returned 1 [0132.905] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x1a6e [0132.924] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xadeed740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xadeed740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9f0aeab0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a70)) returned 1 [0132.924] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log"), lpNewFileName="C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log.BlackHat" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log.blackhat")) returned 1 [0133.066] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x7e148 [0133.474] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xa4 [0133.477] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9f609c30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xb0)) returned 1 [0133.477] MoveFileW (lpExistingFileName="C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log"), lpNewFileName="C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log.BlackHat" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log.blackhat")) returned 1 [0133.783] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x6f428 [0134.169] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x9fc958b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6f430)) returned 1 [0134.169] MoveFileW (lpExistingFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.BlackHat" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.blackhat")) returned 1 [0134.182] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x710a8 [0134.469] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x9ff692d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x710b0)) returned 1 [0134.469] MoveFileW (lpExistingFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.BlackHat" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.blackhat")) returned 1 [0134.641] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x6f398 [0134.717] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa01ca8d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x6f3a0)) returned 1 [0134.717] MoveFileW (lpExistingFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.BlackHat" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.blackhat")) returned 1 [0134.798] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xbee38 [0134.995] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa0478190, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xbee40)) returned 1 [0134.995] MoveFileW (lpExistingFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.BlackHat" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe.blackhat")) returned 1 [0135.011] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x71080 [0135.212] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xa068d4d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x71090)) returned 1 [0135.212] MoveFileW (lpExistingFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.BlackHat" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.blackhat")) returned 1 [0135.216] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xbee30 [0135.513] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), fInfoLevelId=0x0, lpFileInformation=0x29e770 | out: lpFileInformation=0x29e770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xa0960ef0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xbee40)) returned 1 [0135.514] MoveFileW (lpExistingFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), lpNewFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.BlackHat" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe.blackhat")) returned 1 [0135.533] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x77 [0135.536] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa09ad1b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x80)) returned 1 [0135.536] MoveFileW (lpExistingFileName="C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml"), lpNewFileName="C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml.BlackHat" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml.blackhat")) returned 1 [0135.548] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x14 [0137.870] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.872] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.872] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.873] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.874] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.878] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.879] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.880] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.881] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.882] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.887] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.888] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.888] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.889] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.890] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.894] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.894] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.895] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.896] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.896] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.899] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.900] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.901] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.901] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.902] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.906] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.906] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.907] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.908] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.908] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.911] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.912] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.913] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.913] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.914] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.917] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.918] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.919] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.920] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.920] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.923] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.924] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.925] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.925] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.926] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.929] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.930] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.931] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.931] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.932] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.935] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.936] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.937] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.937] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.938] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.941] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.942] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.943] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.943] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.944] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.948] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.949] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.949] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.950] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.951] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.954] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.955] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.955] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.956] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.957] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.960] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.961] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.961] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.962] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.963] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.967] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.967] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.968] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.969] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.969] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.973] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.973] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.974] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.975] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.975] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.978] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.979] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.980] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.981] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.981] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.985] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.985] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.986] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.987] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.987] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.990] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.991] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.992] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.993] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.993] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.997] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.997] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0137.998] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.999] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0137.999] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.003] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.003] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.004] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.005] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.005] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.008] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.009] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.010] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.010] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.011] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.015] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.015] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.016] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.017] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.017] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.020] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.021] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.022] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.022] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.023] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.027] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.028] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.029] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.029] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.030] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.034] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.034] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.035] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.036] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.036] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.040] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.040] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.041] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.042] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.042] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.046] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.047] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.048] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.048] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.049] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.052] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.053] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.053] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.054] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.055] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.058] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.059] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.059] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.060] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.061] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.064] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.065] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.065] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.066] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.067] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.070] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.071] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.071] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.072] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.073] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.076] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.077] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.077] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.078] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.079] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.082] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.083] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.083] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.084] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.085] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.088] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.089] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.090] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.091] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.092] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.095] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.096] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.096] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.097] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.098] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.101] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.102] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.102] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.103] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.104] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.112] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.113] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.114] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.114] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.115] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.118] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.119] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.120] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.120] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.121] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.124] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.125] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.126] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.127] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.128] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.132] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.132] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.133] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.134] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.135] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.142] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.143] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.144] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.144] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.145] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.148] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.149] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.150] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.150] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.151] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.155] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.156] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.156] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.157] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.158] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.161] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.162] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.162] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.163] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.164] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.168] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.169] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.169] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.170] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.171] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.174] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.175] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.175] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.176] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.177] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.180] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.181] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.181] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.182] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.183] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.186] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.187] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpszLongPath=0x29df70, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 0x4c [0138.188] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df40, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.188] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\", lpszLongPath=0x29df10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\") returned 0x4d [0138.317] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x43 [0138.324] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0138.331] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0138.336] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0138.340] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0138.668] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0xae [0138.672] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0xae [0138.677] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0xae [0138.690] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x91 [0138.695] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x91 [0138.711] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x91 [0138.716] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x91 [0138.725] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0138.731] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0138.739] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0138.744] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0138.750] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0138.756] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0138.766] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0138.774] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0138.787] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x43 [0138.797] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x43 [0138.808] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x43 [0138.818] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x43 [0138.880] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x285 [0139.177] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x91 [0139.183] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0139.187] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0139.191] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0139.195] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0139.199] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0139.624] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xdd [0139.633] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x19c [0139.833] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x112 [0139.854] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x1b0 [0139.959] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x22e [0139.965] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xae [0139.970] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x1dc [0139.976] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2a6 [0139.984] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x2c0 [0139.994] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x2e2 [0140.000] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xae [0140.006] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x13e [0140.011] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xae [0140.193] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x19c [0140.210] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x34800 [0140.224] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x11a [0140.233] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x192 [0140.257] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xd8 [0140.276] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x11a [0140.281] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x192 [0140.286] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x50 [0140.567] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x244 [0140.575] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x1f8 [0140.591] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x1f8 [0140.612] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x11a [0140.616] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x20c [0140.621] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x1f8 [0140.878] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x1fad1 [0140.885] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0xadc8 [0140.888] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x70c1 [0140.891] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x99d3 [0140.894] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0xb61 [0140.899] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x1fad1 [0140.906] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x70c1 [0140.910] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x769 [0140.920] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x536 [0140.923] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x3473 [0140.928] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x536 [0140.932] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x2c64 [0140.938] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x5e8 [0141.505] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x264 [0141.520] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x1ba [0141.525] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x46a [0141.530] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x73e [0141.535] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x172 [0141.540] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x53a [0141.545] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x157 [0141.550] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0xd8 [0141.555] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x7a6 [0141.560] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x208 [0141.671] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x25e [0141.891] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xae [0142.085] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x7e148 [0142.461] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x400 [0142.493] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x2e400 [0142.521] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x0 [0142.523] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0x14 [0143.175] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x43 [0143.178] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0143.182] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0143.188] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0143.192] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0143.196] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x2fa9 [0143.210] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52df630, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2fb0)) returned 1 [0143.210] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt.blackhat")) returned 1 [0143.213] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x2fa9 [0143.217] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52df630, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2fb0)) returned 1 [0143.217] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak.blackhat")) returned 1 [0143.485] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x0 [0143.487] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0xb400 [0143.506] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0xae [0143.621] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x91 [0143.626] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x91 [0143.713] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x43 [0143.782] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x43 [0143.787] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0143.802] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0143.806] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0143.811] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x43 [0143.866] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x104 [0143.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa591eff0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x110)) returned 1 [0143.870] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml.blackhat")) returned 1 [0143.872] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x200000 [0144.065] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa5b0e1d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x200010)) returned 1 [0144.065] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log.blackhat")) returned 1 [0144.066] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x200000 [0144.279] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa5cfd3b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x200010)) returned 1 [0144.280] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log.blackhat")) returned 1 [0144.342] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x200000 [0144.537] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log"), fInfoLevelId=0x0, lpFileInformation=0x29e400 | out: lpFileInformation=0x29e400*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x650f7e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa5f5e9b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x200010)) returned 1 [0144.537] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log.blackhat")) returned 1 [0144.554] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x432 [0144.565] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa5fd0dd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x440)) returned 1 [0144.565] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg.blackhat")) returned 1 [0144.567] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x5d3f [0144.574] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa5fd0dd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x5d40)) returned 1 [0144.574] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg.blackhat")) returned 1 [0144.575] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x1906 [0144.579] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa5fd0dd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1910)) returned 1 [0144.579] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.blackhat")) returned 1 [0144.580] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x107e [0144.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa5ff6f30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1080)) returned 1 [0144.584] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg.blackhat")) returned 1 [0144.585] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x18ed [0144.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa5ff6f30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x18f0)) returned 1 [0144.589] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg.blackhat")) returned 1 [0144.590] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x13fb [0144.594] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa5ff6f30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1400)) returned 1 [0144.594] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg.blackhat")) returned 1 [0144.595] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x780 [0144.601] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa601d090, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x790)) returned 1 [0144.602] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg.blackhat")) returned 1 [0144.603] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x127e [0144.607] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa601d090, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1280)) returned 1 [0144.607] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.blackhat")) returned 1 [0144.617] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x2949 [0144.622] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa60431f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x2950)) returned 1 [0144.622] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg.blackhat")) returned 1 [0144.624] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x1d51 [0144.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6477260, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa6069350, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1d60)) returned 1 [0144.628] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg.blackhat")) returned 1 [0144.727] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x285 [0144.732] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x27cf [0145.256] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa665ca50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x27d0)) returned 1 [0145.256] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml.blackhat")) returned 1 [0145.260] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e518 | out: lpFileSizeHigh=0x29e518*=0x0) returned 0x54 [0145.263] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), fInfoLevelId=0x0, lpFileInformation=0x29e560 | out: lpFileInformation=0x29e560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa665ca50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x60)) returned 1 [0145.264] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini.blackhat")) returned 1 [0145.267] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e5c8 | out: lpFileSizeHigh=0x29e5c8*=0x0) returned 0x0 [0145.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), fInfoLevelId=0x0, lpFileInformation=0x29e610 | out: lpFileInformation=0x29e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa665ca50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0145.269] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt.BlackHat" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt.blackhat")) returned 1 [0145.692] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x92 [0145.692] ReadFile (in: hFile=0x258, lpBuffer=0x22bb9c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e398, lpOverlapped=0x0 | out: lpBuffer=0x22bb9c0*, lpNumberOfBytesRead=0x29e398*=0x92, lpOverlapped=0x0) returned 1 [0145.693] CloseHandle (hObject=0x258) returned 1 [0145.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2d0) returned 1 [0145.694] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29ac10) returned 1 [0145.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.695] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.695] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.695] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.695] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.695] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.cer", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.696] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.696] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.696] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.backup", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.697] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.697] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.697] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.7z", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.697] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.697] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.697] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.tiff", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.698] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.698] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.698] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.jpeg", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.698] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.698] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.698] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.accdb", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.699] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.699] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.699] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.sqlite", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.700] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.700] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.700] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.dbf", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.700] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.700] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.700] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.700] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.700] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.700] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*1cd", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.700] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.701] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.701] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.701] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.mdb", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.701] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.701] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.701] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.cd", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.702] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.702] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.702] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.cdr", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.703] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.703] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.703] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.dwg", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.703] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.703] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.703] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.gif", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.704] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.704] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.704] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.mp4", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.704] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.704] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.705] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.avi", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.705] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.705] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.705] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.mkv", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.706] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.706] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.706] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.wmv", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.706] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.706] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.706] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.706] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.706] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.706] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.webmp", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e490) returned 1 [0145.707] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.707] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.707] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.bak", lpFindFileData=0x29e130 | out: lpFindFileData=0x29e130) returned 0xffffffffffffffff [0145.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3a0) returned 1 [0145.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e4b0) returned 1 [0145.707] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x29dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x49 [0145.707] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x29df40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4a [0145.707] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x29e150 | out: lpFindFileData=0x29e150) returned 0x1a95fdf0 [0145.709] FindClose (in: hFindFile=0x1a95fdf0 | out: hFindFile=0x1a95fdf0) returned 1 [0145.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e400) returned 1 [0145.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3c0) returned 1 [0145.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.709] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.709] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.709] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.txt", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.710] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.710] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.710] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.doc", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.710] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.710] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.710] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.docx", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.711] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.711] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.711] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.xls", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.711] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.711] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.711] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.xlsx", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.712] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.712] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.712] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.ppt", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.713] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.713] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.713] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.pptx", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.713] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.713] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.713] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.odt", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.714] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.714] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.714] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.jpg", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.714] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.714] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.714] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.png", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.715] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.715] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.715] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.csv", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.715] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.716] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.716] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.sql", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.716] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.716] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.716] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.mdb", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.717] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.717] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.717] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.sln", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.717] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.717] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.717] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.php", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.718] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.718] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.718] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.asp", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.719] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.719] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.719] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.aspx", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.719] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.719] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.719] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.html", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.720] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.720] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.720] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.xml", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.720] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.720] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.721] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.psd", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.721] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.721] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.721] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.rar", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.722] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.722] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.722] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.zip", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.722] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.722] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.722] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.mp3", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.723] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.723] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.723] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.exe", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.723] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.724] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.724] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.PDF", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.724] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.724] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.724] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.724] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.724] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.724] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.rtf", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.725] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.725] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.725] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.DT", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.725] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.725] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.726] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.CF", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.726] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.726] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.726] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.CFU", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.727] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.727] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.727] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.mxl", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.727] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.727] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.727] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.epf", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.728] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.728] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.728] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.erf", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.728] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.729] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.729] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.vrp", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.729] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.729] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.729] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.grs", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.730] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.730] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.730] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.geo", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.730] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.730] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.730] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.elf", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.731] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.731] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.731] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.lgf", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.732] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.732] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.732] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.lgp", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.732] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.732] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.732] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.log", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.785] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.785] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.785] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.st", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.786] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.786] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.786] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.pff", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.786] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.787] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.787] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.mft", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.787] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.787] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.787] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.efd", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.788] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.788] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.788] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.ini", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.788] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.788] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.788] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.CFL", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.789] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.789] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.789] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.cer", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.790] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.790] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.790] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.backup", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.790] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.790] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.790] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.7z", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.791] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.791] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.791] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.tiff", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.791] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.792] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.792] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.jpeg", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.792] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.792] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.792] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.accdb", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.793] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.793] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.793] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.sqlite", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.793] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.793] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.793] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.dbf", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.794] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.794] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.794] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*1cd", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.795] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.795] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.795] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.mdb", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.795] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.795] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.795] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.cd", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.796] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.796] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.796] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.cdr", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.796] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.796] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.797] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.dwg", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.797] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.797] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.797] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.gif", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.798] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.798] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.798] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.mp4", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e330) returned 1 [0145.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e2f0) returned 1 [0145.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e3e0) returned 1 [0145.798] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.798] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.798] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.avi", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.799] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.799] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.799] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.mkv", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.799] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.799] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.800] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.wmv", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.800] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.800] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.800] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.webmp", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.800] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.801] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.801] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.bak", lpFindFileData=0x29e080 | out: lpFindFileData=0x29e080) returned 0xffffffffffffffff [0145.801] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x29def0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x55 [0145.801] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x29de90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x56 [0145.801] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x29e0a0 | out: lpFindFileData=0x29e0a0) returned 0x1a95fdf0 [0145.802] FindClose (in: hFindFile=0x1a95fdf0 | out: hFindFile=0x1a95fdf0) returned 1 [0145.802] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.802] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.803] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.txt", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.803] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.803] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.803] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.doc", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.804] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.804] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.804] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.docx", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.804] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.804] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.804] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.xls", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.805] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.805] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.805] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.xlsx", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.805] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.805] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.805] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.ppt", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.806] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.806] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.806] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.pptx", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.806] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.806] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.806] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.odt", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.807] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.807] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.807] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.jpg", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.807] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.807] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.807] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.png", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.808] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.808] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.808] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.csv", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.808] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.808] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.808] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.sql", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.809] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.809] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.809] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.mdb", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.809] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.809] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.809] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.sln", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.810] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.810] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.810] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.php", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.810] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.810] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.810] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.asp", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.811] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.811] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.811] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.aspx", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.811] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.811] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.811] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.html", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.812] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.812] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.812] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.xml", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.812] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.812] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.812] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.psd", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.813] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.813] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.813] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.rar", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.813] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.813] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.813] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.zip", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.814] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.814] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.814] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.mp3", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.814] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.814] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.815] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.exe", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.815] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.815] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.815] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.PDF", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.815] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.815] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.816] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.rtf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.816] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.816] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.816] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.DT", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.816] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.816] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.817] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.CF", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.817] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.817] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.817] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.CFU", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.817] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.817] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.817] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.mxl", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.818] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.818] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.818] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.epf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.818] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.818] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.818] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.erf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.819] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.819] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.819] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.vrp", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.819] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.819] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.819] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.grs", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.820] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.820] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.820] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.geo", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.820] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.820] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x29ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x6b [0145.820] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.elf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.820] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x29de20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6a [0145.821] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.lgf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.821] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.lgp", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.821] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.log", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.822] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.st", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.822] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.pff", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.822] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.mft", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.823] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.efd", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.823] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.ini", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.823] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.CFL", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.824] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.cer", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.824] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.backup", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.824] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.7z", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.825] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.tiff", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.825] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.jpeg", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.825] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.accdb", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.826] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.sqlite", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.826] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.dbf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.826] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*1cd", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.827] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.mdb", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.874] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.cd", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.875] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.cdr", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.875] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.dwg", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.875] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.gif", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.876] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.mp4", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.876] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.avi", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.876] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.mkv", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.877] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.wmv", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.877] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.webmp", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.877] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.bak", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.878] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x29dff0 | out: lpFindFileData=0x29dff0) returned 0x1a95fdf0 [0145.878] FindClose (in: hFindFile=0x1a95fdf0 | out: hFindFile=0x1a95fdf0) returned 1 [0145.878] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.txt", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.922] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.doc", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.924] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.docx", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.926] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.xls", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.927] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.xlsx", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.929] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.ppt", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.931] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.pptx", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.932] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.odt", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.934] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.jpg", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.936] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.png", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.938] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.csv", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.939] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.sql", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.941] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.mdb", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.943] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.sln", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.945] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.php", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.947] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.asp", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.949] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.aspx", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0145.950] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.html", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.001] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.xml", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.003] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.psd", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.004] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.rar", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.006] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.zip", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.008] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.mp3", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.010] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.exe", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.011] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.PDF", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.013] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.rtf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.015] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.DT", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.016] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.CF", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.018] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.CFU", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.020] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.mxl", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.022] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.epf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.023] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.erf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.025] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.vrp", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.027] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.grs", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.028] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.geo", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.030] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.elf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.032] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.lgf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.034] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.lgp", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.035] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.log", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.037] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.st", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.039] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.pff", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.041] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.mft", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.042] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.efd", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.044] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.ini", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0x1a95fdf0 [0146.045] FindClose (in: hFindFile=0x1a95fdf0 | out: hFindFile=0x1a95fdf0) returned 1 [0146.059] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xd3 [0146.060] CloseHandle (hObject=0x258) returned 1 [0146.062] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.CFL", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.063] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.cer", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.063] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.backup", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.063] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.7z", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.064] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.tiff", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.064] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.jpeg", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.064] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.accdb", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.064] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.sqlite", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.065] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.dbf", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.065] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*1cd", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.065] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.mdb", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.066] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.cd", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.066] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.cdr", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.066] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.dwg", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.067] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.gif", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.067] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.mp4", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.067] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.avi", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.068] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.mkv", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.068] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.wmv", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.068] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.webmp", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.069] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.bak", lpFindFileData=0x29dfd0 | out: lpFindFileData=0x29dfd0) returned 0xffffffffffffffff [0146.069] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x29dff0 | out: lpFindFileData=0x29dff0) returned 0x1a95fdf0 [0146.070] FindClose (in: hFindFile=0x1a95fdf0 | out: hFindFile=0x1a95fdf0) returned 1 [0146.070] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.txt", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.070] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.doc", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.071] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.docx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.071] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.xls", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.071] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.xlsx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.072] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.ppt", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.072] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.pptx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.072] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.odt", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.073] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.jpg", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.073] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.png", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.073] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.csv", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.074] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.sql", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.074] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.mdb", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.074] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.sln", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.075] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.php", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.075] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.asp", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.075] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.aspx", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.075] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.html", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.076] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.xml", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.076] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.psd", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.076] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.rar", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.077] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.zip", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.077] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.mp3", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.077] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.exe", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.078] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.PDF", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.078] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.rtf", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.078] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.DT", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.079] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.CF", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.079] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.CFU", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.079] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*.mxl", lpFindFileData=0x29e1e0 | out: lpFindFileData=0x29e1e0) returned 0xffffffffffffffff [0146.527] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x112 [0146.541] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x1b0 [0146.696] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x22e [0146.700] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0xae [0146.756] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e3b8 | out: lpFileSizeHigh=0x29e3b8*=0x0) returned 0x1dc [0146.814] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x2a6 [0146.891] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x2c0 [0146.957] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e258 | out: lpFileSizeHigh=0x29e258*=0x0) returned 0x2e2 [0147.214] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xae [0147.219] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0x13e [0147.223] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e308 | out: lpFileSizeHigh=0x29e308*=0x0) returned 0xae [0147.228] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e468 | out: lpFileSizeHigh=0x29e468*=0x0) returned 0x9b944 [0148.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e4b0 | out: lpFileInformation=0x29e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa81241d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x9b950)) returned 1 [0148.065] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.BlackHat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.blackhat")) returned 1 [0148.069] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x19c [0148.073] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x11a [0148.169] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x192 [0148.177] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x11a [0148.248] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x192 [0148.252] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x50 [0148.596] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x244 [0148.601] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x1f8 [0148.607] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x1f8 [0148.613] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x11a [0148.673] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x20c [0148.678] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x1f8 [0148.682] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e7d8 | out: lpFileSizeHigh=0x29e7d8*=0x0) returned 0xae [0148.684] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xae [0148.687] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x116 [0148.692] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0xae [0148.696] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x58 [0148.720] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x17c [0148.799] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x8064f1 [0149.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xa91f3d30, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x806500)) returned 1 [0149.837] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.BlackHat" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.blackhat")) returned 1 [0149.839] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x3ec5d2 [0150.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xa980d590, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5e0)) returned 1 [0150.474] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.BlackHat" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.blackhat")) returned 1 [0150.476] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x49e459 [0151.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xa9db49d0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x49e460)) returned 1 [0151.064] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.BlackHat" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.blackhat")) returned 1 [0151.066] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x24a [0151.069] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x17c [0151.093] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xd6b22 [0151.230] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xa9f578f0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xd6b30)) returned 1 [0151.230] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.BlackHat" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.blackhat")) returned 1 [0151.230] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xce875 [0151.307] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xaa015fd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xce880)) returned 1 [0151.307] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.BlackHat" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.blackhat")) returned 1 [0151.310] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x91554 [0151.527] ReadFile (in: hFile=0x258, lpBuffer=0x12199978, nNumberOfBytesToRead=0x91554, lpNumberOfBytesRead=0x29e5a8, lpOverlapped=0x0 | out: lpBuffer=0x12199978*, lpNumberOfBytesRead=0x29e5a8*=0x91554, lpOverlapped=0x0) returned 1 [0151.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xaa29d730, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x91560)) returned 1 [0151.578] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.BlackHat" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.blackhat")) returned 1 [0151.580] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xbd616 [0151.632] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xaa335cb0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xbd620)) returned 1 [0151.633] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.BlackHat" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.blackhat")) returned 1 [0151.634] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xbea1f [0151.694] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xaa3ce230, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xbea20)) returned 1 [0151.694] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.BlackHat" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.blackhat")) returned 1 [0151.695] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x8907c [0151.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xaa440650, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x89080)) returned 1 [0151.755] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.BlackHat" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.blackhat")) returned 1 [0151.755] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xbde6b [0151.812] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xaa4d8bd0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0xbde70)) returned 1 [0151.812] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.BlackHat" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.blackhat")) returned 1 [0151.813] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x97958 [0151.832] ReadFile (in: hFile=0x258, lpBuffer=0x12199978, nNumberOfBytesToRead=0x97958, lpNumberOfBytesRead=0x29e5a8, lpOverlapped=0x0 | out: lpBuffer=0x12199978*, lpNumberOfBytesRead=0x29e5a8*=0x97958, lpOverlapped=0x0) returned 1 [0151.892] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xaa5972b0, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x97960)) returned 1 [0151.892] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.BlackHat" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.blackhat")) returned 1 [0151.894] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x460 [0151.903] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x50 [0151.907] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0xab [0151.911] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e728 | out: lpFileSizeHigh=0x29e728*=0x0) returned 0x17c [0151.925] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x146 [0151.928] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e678 | out: lpFileSizeHigh=0x29e678*=0x0) returned 0x1907b8a [0154.374] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), fInfoLevelId=0x0, lpFileInformation=0x29e6c0 | out: lpFileInformation=0x29e6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xabd3ed50, ftLastWriteTime.dwHighDateTime=0x1d486f4, nFileSizeHigh=0x0, nFileSizeLow=0x1907b90)) returned 1 [0154.375] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.BlackHat" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.blackhat")) returned 1 [0154.377] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e888 | out: lpFileSizeHigh=0x29e888*=0x0) returned 0xae [0154.415] GetLogicalDrives () returned 0x4 [0154.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.417] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.417] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.418] FindFirstFileW (in: lpFileName="C:\\*.txt", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.418] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.418] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.419] FindFirstFileW (in: lpFileName="C:\\*.doc", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.419] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.419] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.419] FindFirstFileW (in: lpFileName="C:\\*.docx", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.419] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.422] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.422] FindFirstFileW (in: lpFileName="C:\\*.xls", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.423] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.423] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.423] FindFirstFileW (in: lpFileName="C:\\*.xlsx", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.423] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.424] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.424] FindFirstFileW (in: lpFileName="C:\\*.ppt", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.424] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.424] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.425] FindFirstFileW (in: lpFileName="C:\\*.pptx", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.425] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.425] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.425] FindFirstFileW (in: lpFileName="C:\\*.odt", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.426] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.426] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.426] FindFirstFileW (in: lpFileName="C:\\*.jpg", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.427] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.427] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.427] FindFirstFileW (in: lpFileName="C:\\*.png", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.427] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.428] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.428] FindFirstFileW (in: lpFileName="C:\\*.csv", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.428] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.428] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.428] FindFirstFileW (in: lpFileName="C:\\*.sql", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.429] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.429] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.429] FindFirstFileW (in: lpFileName="C:\\*.mdb", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.430] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.430] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.430] FindFirstFileW (in: lpFileName="C:\\*.sln", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.431] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.431] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.431] FindFirstFileW (in: lpFileName="C:\\*.php", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.431] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.431] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.431] FindFirstFileW (in: lpFileName="C:\\*.asp", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.432] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.432] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.432] FindFirstFileW (in: lpFileName="C:\\*.aspx", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.432] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.432] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.432] FindFirstFileW (in: lpFileName="C:\\*.html", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.433] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.433] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.433] FindFirstFileW (in: lpFileName="C:\\*.xml", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.434] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.434] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.434] FindFirstFileW (in: lpFileName="C:\\*.psd", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.434] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.434] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.434] FindFirstFileW (in: lpFileName="C:\\*.rar", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.435] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.435] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.435] FindFirstFileW (in: lpFileName="C:\\*.zip", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.436] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.436] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.436] FindFirstFileW (in: lpFileName="C:\\*.mp3", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.436] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.436] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.436] FindFirstFileW (in: lpFileName="C:\\*.exe", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.437] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.437] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.437] FindFirstFileW (in: lpFileName="C:\\*.PDF", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.437] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.437] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.437] FindFirstFileW (in: lpFileName="C:\\*.rtf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.438] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.438] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.438] FindFirstFileW (in: lpFileName="C:\\*.DT", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.438] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.438] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.438] FindFirstFileW (in: lpFileName="C:\\*.CF", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.439] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.439] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.439] FindFirstFileW (in: lpFileName="C:\\*.CFU", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.440] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.440] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.440] FindFirstFileW (in: lpFileName="C:\\*.mxl", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.440] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.440] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.440] FindFirstFileW (in: lpFileName="C:\\*.epf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.441] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.441] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.441] FindFirstFileW (in: lpFileName="C:\\*.erf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.441] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.441] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.441] FindFirstFileW (in: lpFileName="C:\\*.vrp", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.442] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.442] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.442] FindFirstFileW (in: lpFileName="C:\\*.grs", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.442] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.442] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.442] FindFirstFileW (in: lpFileName="C:\\*.geo", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.442] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.442] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.443] FindFirstFileW (in: lpFileName="C:\\*.elf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.443] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.443] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.443] FindFirstFileW (in: lpFileName="C:\\*.lgf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.443] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.443] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.443] FindFirstFileW (in: lpFileName="C:\\*.lgp", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.444] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.444] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.444] FindFirstFileW (in: lpFileName="C:\\*.log", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.444] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.444] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.444] FindFirstFileW (in: lpFileName="C:\\*.st", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.445] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.445] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.445] FindFirstFileW (in: lpFileName="C:\\*.pff", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.445] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.445] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.445] FindFirstFileW (in: lpFileName="C:\\*.mft", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.445] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.445] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.446] FindFirstFileW (in: lpFileName="C:\\*.efd", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.446] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.446] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.446] FindFirstFileW (in: lpFileName="C:\\*.ini", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.446] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.446] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.446] FindFirstFileW (in: lpFileName="C:\\*.CFL", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.447] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.447] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.447] FindFirstFileW (in: lpFileName="C:\\*.cer", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.447] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.447] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.447] FindFirstFileW (in: lpFileName="C:\\*.backup", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.447] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.447] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.447] FindFirstFileW (in: lpFileName="C:\\*.7z", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.448] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.448] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.448] FindFirstFileW (in: lpFileName="C:\\*.tiff", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.448] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.448] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.448] FindFirstFileW (in: lpFileName="C:\\*.jpeg", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.449] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.449] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.449] FindFirstFileW (in: lpFileName="C:\\*.accdb", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.449] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.449] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.449] FindFirstFileW (in: lpFileName="C:\\*.sqlite", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.449] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.449] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.449] FindFirstFileW (in: lpFileName="C:\\*.dbf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.450] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.450] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.450] FindFirstFileW (in: lpFileName="C:\\*1cd", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.450] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.450] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.450] FindFirstFileW (in: lpFileName="C:\\*.mdb", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.450] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.450] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.450] FindFirstFileW (in: lpFileName="C:\\*.cd", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.451] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.451] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.451] FindFirstFileW (in: lpFileName="C:\\*.cdr", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.451] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.451] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.451] FindFirstFileW (in: lpFileName="C:\\*.dwg", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.452] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.452] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.452] FindFirstFileW (in: lpFileName="C:\\*.gif", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.452] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.452] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.452] FindFirstFileW (in: lpFileName="C:\\*.mp4", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.452] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.452] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.452] FindFirstFileW (in: lpFileName="C:\\*.avi", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.453] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.453] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.453] FindFirstFileW (in: lpFileName="C:\\*.mkv", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.453] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.453] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.453] FindFirstFileW (in: lpFileName="C:\\*.wmv", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.453] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.453] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.453] FindFirstFileW (in: lpFileName="C:\\*.webmp", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.454] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.454] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.454] FindFirstFileW (in: lpFileName="C:\\*.bak", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0x1a95fdf0 [0154.454] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e610 | out: lpFindFileData=0x29e610) returned 0 [0154.454] FindClose (in: hFindFile=0x1a95fdf0 | out: hFindFile=0x1a95fdf0) returned 1 [0154.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.455] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x29e280, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0154.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e760) returned 1 [0154.455] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0154.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e6d0) returned 1 [0154.455] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e8f8 | out: lpFileSizeHigh=0x29e8f8*=0x0) returned 0x2000 [0154.455] ReadFile (in: hFile=0x258, lpBuffer=0x21d9be0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x29e828, lpOverlapped=0x0 | out: lpBuffer=0x21d9be0*, lpNumberOfBytesRead=0x29e828*=0x2000, lpOverlapped=0x0) returned 1 [0154.467] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x29e280, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0154.467] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e760) returned 1 [0154.467] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0154.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29b0a0) returned 1 [0154.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.470] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.470] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.470] FindFirstFileW (in: lpFileName="C:\\*.txt", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.470] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.470] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.471] FindFirstFileW (in: lpFileName="C:\\*.doc", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.471] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.471] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.471] FindFirstFileW (in: lpFileName="C:\\*.docx", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.471] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.472] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.472] FindFirstFileW (in: lpFileName="C:\\*.xls", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.472] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.472] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.472] FindFirstFileW (in: lpFileName="C:\\*.xlsx", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.472] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.473] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.473] FindFirstFileW (in: lpFileName="C:\\*.ppt", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.473] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.473] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.473] FindFirstFileW (in: lpFileName="C:\\*.pptx", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.474] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.474] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.474] FindFirstFileW (in: lpFileName="C:\\*.odt", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.474] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.474] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.474] FindFirstFileW (in: lpFileName="C:\\*.jpg", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.475] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.475] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.475] FindFirstFileW (in: lpFileName="C:\\*.png", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.475] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.475] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.475] FindFirstFileW (in: lpFileName="C:\\*.csv", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.476] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.476] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.476] FindFirstFileW (in: lpFileName="C:\\*.sql", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.476] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.476] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.476] FindFirstFileW (in: lpFileName="C:\\*.mdb", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.477] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.477] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.477] FindFirstFileW (in: lpFileName="C:\\*.sln", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.477] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.477] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.477] FindFirstFileW (in: lpFileName="C:\\*.php", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.478] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.478] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.478] FindFirstFileW (in: lpFileName="C:\\*.asp", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e830) returned 1 [0154.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e920) returned 1 [0154.478] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.478] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.478] FindFirstFileW (in: lpFileName="C:\\*.aspx", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29e870) returned 1 [0154.478] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.479] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.479] FindFirstFileW (in: lpFileName="C:\\*.html", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.479] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.479] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.479] FindFirstFileW (in: lpFileName="C:\\*.xml", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.479] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.479] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.479] FindFirstFileW (in: lpFileName="C:\\*.psd", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.480] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.480] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.480] FindFirstFileW (in: lpFileName="C:\\*.rar", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.480] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.480] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.480] FindFirstFileW (in: lpFileName="C:\\*.zip", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.481] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.481] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.481] FindFirstFileW (in: lpFileName="C:\\*.mp3", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.481] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.481] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.481] FindFirstFileW (in: lpFileName="C:\\*.exe", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.481] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.481] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.481] FindFirstFileW (in: lpFileName="C:\\*.PDF", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.482] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.482] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.482] FindFirstFileW (in: lpFileName="C:\\*.rtf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.482] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.482] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.482] FindFirstFileW (in: lpFileName="C:\\*.DT", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.483] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.483] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.483] FindFirstFileW (in: lpFileName="C:\\*.CF", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.483] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.483] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.483] FindFirstFileW (in: lpFileName="C:\\*.CFU", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.483] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.483] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.484] FindFirstFileW (in: lpFileName="C:\\*.mxl", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.484] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.484] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.484] FindFirstFileW (in: lpFileName="C:\\*.epf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.484] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.484] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.484] FindFirstFileW (in: lpFileName="C:\\*.erf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.485] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.485] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.485] FindFirstFileW (in: lpFileName="C:\\*.vrp", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.485] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.485] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.486] FindFirstFileW (in: lpFileName="C:\\*.grs", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.486] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.486] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.486] FindFirstFileW (in: lpFileName="C:\\*.geo", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.486] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.486] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.486] FindFirstFileW (in: lpFileName="C:\\*.elf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.487] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.487] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.487] FindFirstFileW (in: lpFileName="C:\\*.lgf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.487] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.487] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.487] FindFirstFileW (in: lpFileName="C:\\*.lgp", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.487] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.488] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.488] FindFirstFileW (in: lpFileName="C:\\*.log", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.488] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.488] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.488] FindFirstFileW (in: lpFileName="C:\\*.st", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.488] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.488] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.488] FindFirstFileW (in: lpFileName="C:\\*.pff", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.489] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.489] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.489] FindFirstFileW (in: lpFileName="C:\\*.mft", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.489] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.489] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.489] FindFirstFileW (in: lpFileName="C:\\*.efd", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.489] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.490] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.490] FindFirstFileW (in: lpFileName="C:\\*.ini", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.490] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.490] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.490] FindFirstFileW (in: lpFileName="C:\\*.CFL", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.490] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.490] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.490] FindFirstFileW (in: lpFileName="C:\\*.cer", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.491] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.491] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.491] FindFirstFileW (in: lpFileName="C:\\*.backup", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.491] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.491] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.491] FindFirstFileW (in: lpFileName="C:\\*.7z", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.492] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.492] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.492] FindFirstFileW (in: lpFileName="C:\\*.tiff", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.492] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.492] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.492] FindFirstFileW (in: lpFileName="C:\\*.jpeg", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.492] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.492] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.492] FindFirstFileW (in: lpFileName="C:\\*.accdb", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.493] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.493] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.493] FindFirstFileW (in: lpFileName="C:\\*.sqlite", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.493] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.493] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.493] FindFirstFileW (in: lpFileName="C:\\*.dbf", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.494] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.494] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.494] FindFirstFileW (in: lpFileName="C:\\*1cd", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.494] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.494] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.494] FindFirstFileW (in: lpFileName="C:\\*.mdb", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.494] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.494] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.494] FindFirstFileW (in: lpFileName="C:\\*.cd", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.495] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.495] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.495] FindFirstFileW (in: lpFileName="C:\\*.cdr", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.495] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.495] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.495] FindFirstFileW (in: lpFileName="C:\\*.dwg", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.496] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.496] FindFirstFileW (in: lpFileName="C:\\*.gif", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.496] FindFirstFileW (in: lpFileName="C:\\*.mp4", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.496] FindFirstFileW (in: lpFileName="C:\\*.avi", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.497] FindFirstFileW (in: lpFileName="C:\\*.mkv", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.497] FindFirstFileW (in: lpFileName="C:\\*.wmv", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.497] FindFirstFileW (in: lpFileName="C:\\*.webmp", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0xffffffffffffffff [0154.497] FindFirstFileW (in: lpFileName="C:\\*.bak", lpFindFileData=0x29e5c0 | out: lpFindFileData=0x29e5c0) returned 0x1a95fdf0 [0154.497] FindNextFileW (in: hFindFile=0x1a95fdf0, lpFindFileData=0x29e610 | out: lpFindFileData=0x29e610) returned 0 [0154.498] FindClose (in: hFindFile=0x1a95fdf0 | out: hFindFile=0x1a95fdf0) returned 1 [0154.498] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0154.498] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x29e8f8 | out: lpFileSizeHigh=0x29e8f8*=0x0) returned 0x2000 [0154.498] ReadFile (in: hFile=0x258, lpBuffer=0x21f77d8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x29e828, lpOverlapped=0x0 | out: lpBuffer=0x21f77d8*, lpNumberOfBytesRead=0x29e828*=0x2000, lpOverlapped=0x0) returned 1 [0154.499] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.139] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0155.162] CreatePipe (in: hReadPipe=0x29e8d0, hWritePipe=0x29e8c8, lpPipeAttributes=0x29e7c0, nSize=0x0 | out: hReadPipe=0x29e8d0*=0x15c, hWritePipe=0x29e8c8*=0x268) returned 1 [0155.218] GetCurrentProcess () returned 0xffffffffffffffff [0155.218] GetCurrentProcess () returned 0xffffffffffffffff [0155.218] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x15c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x29e910, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x29e910*=0x26c) returned 1 [0155.218] CloseHandle (hObject=0x15c) returned 1 [0155.218] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0155.219] CoTaskMemAlloc (cb=0x20e) returned 0x1a94f910 [0155.219] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1a94f910 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0155.219] CoTaskMemFree (pv=0x1a94f910) [0155.220] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x29e760*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x268, hStdError=0x0), lpProcessInformation=0x21fcf00 | out: lpCommandLine="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet", lpProcessInformation=0x21fcf00*(hProcess=0x270, hThread=0x15c, dwProcessId=0xaa4, dwThreadId=0xaa8)) returned 1 [0155.570] CloseHandle (hObject=0x268) returned 1 [0155.591] GetConsoleOutputCP () returned 0x0 [0155.640] GetFileType (hFile=0x26c) returned 0x3 [0155.803] CloseHandle (hObject=0x15c) returned 1 [0155.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x29e440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0155.896] IsAppThemed () returned 0x1 [0155.912] CoTaskMemAlloc (cb=0xf0) returned 0x1a92c7f0 [0155.913] CreateActCtxA (pActCtx=0x29ea10) returned 0x1a94f918 [0156.259] CoTaskMemFree (pv=0x1a92c7f0) [0156.786] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc13b [0156.786] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc133 [0156.905] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0157.458] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x7fef4920000 [0157.465] AdjustWindowRectEx (in: lpRect=0x29eae0, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x29eae0) returned 1 [0157.468] GetCurrentProcess () returned 0xffffffffffffffff [0157.468] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x29e8f0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x29e8f0*=0x15c) returned 1 [0157.526] GetCurrentActCtx (in: lphActCtx=0x29e7e0 | out: lphActCtx=0x29e7e0*=0x0) returned 1 [0157.527] ActivateActCtx (in: hActCtx=0x1a94f918, lpCookie=0x29e820 | out: hActCtx=0x1a94f918, lpCookie=0x29e820) returned 1 [0157.527] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0158.166] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x7fefc0f0000 [0158.178] GetModuleHandleW (lpModuleName="user32.dll") returned 0x77450000 [0158.179] GetProcAddress (hModule=0x77450000, lpProcName="DefWindowProcW") returned 0x7769b0ac [0158.180] GetStockObject (i=5) returned 0x1900015 [0158.183] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0158.275] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b730 [0158.275] RegisterClassW (lpWndClass=0x29e4c0) returned 0xc134 [0158.275] CoTaskMemFree (pv=0x1a94b730) [0158.275] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0158.276] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r12_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x401b6 [0159.151] SetWindowLongPtrW (hWnd=0x401b6, nIndex=-4, dwNewLong=0x7769b0ac) returned 0x1b0113ec [0159.163] GetWindowLongPtrW (hWnd=0x401b6, nIndex=-4) returned 0x7769b0ac [0159.168] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x29d908 | out: phkResult=0x29d908*=0x288) returned 0x0 [0159.169] RegQueryValueExW (in: hKey=0x288, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x29d958, lpData=0x0, lpcbData=0x29d950*=0x0 | out: lpType=0x29d958*=0x0, lpData=0x0, lpcbData=0x29d950*=0x0) returned 0x2 [0159.169] RegQueryValueExW (in: hKey=0x288, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x29d958, lpData=0x0, lpcbData=0x29d950*=0x0 | out: lpType=0x29d958*=0x0, lpData=0x0, lpcbData=0x29d950*=0x0) returned 0x2 [0159.170] RegCloseKey (hKey=0x288) returned 0x0 [0159.171] SetWindowLongPtrW (hWnd=0x401b6, nIndex=-4, dwNewLong=0x1b01143c) returned 0x7769b0ac [0159.171] GetWindowLongPtrW (hWnd=0x401b6, nIndex=-4) returned 0x1b01143c [0159.171] GetWindowLongPtrW (hWnd=0x401b6, nIndex=-16) returned 0x6c10000 [0159.174] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc135 [0159.175] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc136 [0159.175] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x401b6, Msg=0x81, wParam=0x0, lParam=0x29dea0) returned 0x1 [0159.175] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x401b6, Msg=0x83, wParam=0x0, lParam=0x29df50) returned 0x0 [0159.176] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x401b6, Msg=0x1, wParam=0x0, lParam=0x29dea0) returned 0x0 [0159.176] GetClientRect (in: hWnd=0x401b6, lpRect=0x29d960 | out: lpRect=0x29d960) returned 1 [0159.176] GetWindowRect (in: hWnd=0x401b6, lpRect=0x29d960 | out: lpRect=0x29d960) returned 1 [0159.178] GetParent (hWnd=0x401b6) returned 0x0 [0159.178] DeactivateActCtx (dwFlags=0x0, ulCookie=0x100239b500000001) returned 1 [0160.789] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0160.789] AdjustWindowRectEx (in: lpRect=0x29e2d0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e2d0) returned 1 [0160.936] GetSystemDefaultLCID () returned 0x409 [0160.937] GetStockObject (i=17) returned 0x18a0025 [0160.979] GetObjectW (in: h=0x18a0025, c=92, pv=0x29de10 | out: pv=0x29de10) returned 92 [0160.980] GetDC (hWnd=0x0) returned 0xa010808 [0161.075] GdiplusStartup (in: token=0x7fe92f89eb8, input=0x29c718, output=0x29c7c8 | out: token=0x7fe92f89eb8, output=0x29c7c8) returned 0x0 [0161.080] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b730 [0161.080] GdipCreateFontFromLogfontW (hdc=0xa010808, logfont=0x1a94b730, font=0x29df50) returned 0x0 [0162.650] CoTaskMemFree (pv=0x1a94b730) [0162.651] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b730 [0162.651] CoTaskMemFree (pv=0x1a94b730) [0162.651] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b730 [0162.652] CoTaskMemFree (pv=0x1a94b730) [0162.653] GdipGetFontUnit (font=0x1bd641a0, unit=0x29dec0) returned 0x0 [0162.653] GdipGetFontSize (font=0x1bd641a0, size=0x29decc) returned 0x0 [0162.653] GdipGetFontStyle (font=0x1bd641a0, style=0x29deb8) returned 0x0 [0162.670] GdipGetFamily (font=0x1bd641a0, family=0x29deb0) returned 0x0 [0162.672] GdipGetFontSize (font=0x1bd641a0, size=0x220a3a8) returned 0x0 [0162.673] ReleaseDC (hWnd=0x0, hDC=0xa010808) returned 1 [0162.675] GetDC (hWnd=0x0) returned 0xa010808 [0162.675] GdipCreateFromHDC (hdc=0xa010808, graphics=0x29dec8) returned 0x0 [0162.679] GdipGetDpiY (graphics=0x1bc1d3c0, dpi=0x220a580) returned 0x0 [0162.680] GdipGetFontHeight (font=0x1bd641a0, graphics=0x1bc1d3c0, height=0x29dec4) returned 0x0 [0162.681] GdipGetEmHeight (family=0x1bd6c5e0, style=0, EmHeight=0x29dec8) returned 0x0 [0162.683] GdipGetLineSpacing (family=0x1bd6c5e0, style=0, LineSpacing=0x29dec8) returned 0x0 [0162.683] GdipDeleteGraphics (graphics=0x1bc1d3c0) returned 0x0 [0162.683] ReleaseDC (hWnd=0x0, hDC=0xa010808) returned 1 [0162.689] GdipCreateFont (fontFamily=0x1bd6c5e0, emSize=0x7fef024cd25, style=0, unit=0x3, font=0x220a510) returned 0x0 [0162.689] GdipGetFontSize (font=0x1bc83a40, size=0x220a518) returned 0x0 [0162.703] GdipDeleteFont (font=0x1bd641a0) returned 0x0 [0162.705] GetDC (hWnd=0x0) returned 0xa010808 [0162.705] GdipCreateFromHDC (hdc=0xa010808, graphics=0x29e028) returned 0x0 [0162.705] GdipGetFontHeight (font=0x1bc83a40, graphics=0x1bc1d3c0, height=0x29e024) returned 0x0 [0162.705] GdipDeleteGraphics (graphics=0x1bc1d3c0) returned 0x0 [0162.705] ReleaseDC (hWnd=0x0, hDC=0xa010808) returned 1 [0162.705] GetSystemMetrics (nIndex=5) returned 1 [0162.705] GetSystemMetrics (nIndex=6) returned 1 [0162.706] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0162.707] AdjustWindowRectEx (in: lpRect=0x29e2d0, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x29e2d0) returned 1 [0162.732] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0162.732] AdjustWindowRectEx (in: lpRect=0x29e2b0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e2b0) returned 1 [0162.732] GetDC (hWnd=0x0) returned 0xa010808 [0162.732] GdipCreateFromHDC (hdc=0xa010808, graphics=0x29e028) returned 0x0 [0162.732] GdipGetFontHeight (font=0x1bc83a40, graphics=0x1bc1d3c0, height=0x29e024) returned 0x0 [0162.732] GdipDeleteGraphics (graphics=0x1bc1d3c0) returned 0x0 [0162.732] ReleaseDC (hWnd=0x0, hDC=0xa010808) returned 1 [0162.732] GetSystemMetrics (nIndex=5) returned 1 [0162.732] GetSystemMetrics (nIndex=6) returned 1 [0162.732] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0162.732] AdjustWindowRectEx (in: lpRect=0x29e2d0, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x29e2d0) returned 1 [0162.732] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0162.733] AdjustWindowRectEx (in: lpRect=0x29e2d0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e2d0) returned 1 [0162.733] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0162.733] AdjustWindowRectEx (in: lpRect=0x29e2d0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e2d0) returned 1 [0162.775] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0162.775] AdjustWindowRectEx (in: lpRect=0x29e280, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e280) returned 1 [0162.886] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0162.886] AdjustWindowRectEx (in: lpRect=0x29e2e0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e2e0) returned 1 [0162.886] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0162.886] AdjustWindowRectEx (in: lpRect=0x29e2e0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e2e0) returned 1 [0162.886] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0162.886] AdjustWindowRectEx (in: lpRect=0x29e2d0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e2d0) returned 1 [0162.887] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0162.887] AdjustWindowRectEx (in: lpRect=0x29e2d0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e2d0) returned 1 [0163.329] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x29e270) returned 0x0 [0163.329] GdipCreateFont (fontFamily=0x1bd6c5e0, emSize=0x7fef024cd25, style=1, unit=0x3, font=0x220c228) returned 0x0 [0163.329] GdipGetFontSize (font=0x1bd641a0, size=0x220c230) returned 0x0 [0163.345] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.345] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0163.370] GetUserObjectInformationA (in: hObj=0x44, nIndex=1, pvInfo=0x220ccb0, nLength=0xc, lpnLengthNeeded=0x29de20 | out: pvInfo=0x220ccb0, lpnLengthNeeded=0x29de20) returned 1 [0163.415] SetConsoleCtrlHandler (HandlerRoutine=0x1b01148c, Add=1) returned 1 [0163.434] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0163.435] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0163.435] GetClassInfoW (in: hInstance=0x140000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x220cd70 | out: lpWndClass=0x220cd70) returned 0 [0163.436] CoTaskMemAlloc (cb=0x58) returned 0x1a95fd30 [0163.436] RegisterClassW (lpWndClass=0x29dc30) returned 0xc138 [0163.436] CoTaskMemFree (pv=0x1a95fd30) [0163.436] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x40128 [0163.525] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x83, wParam=0x0, lParam=0x29d650) returned 0x0 [0163.525] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x1, wParam=0x0, lParam=0x29d540) returned 0x0 [0163.525] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0163.525] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0163.611] GetSysColor (nIndex=10) returned 0xb4b4b4 [0163.611] GetSysColor (nIndex=2) returned 0xd1b499 [0163.611] GetSysColor (nIndex=9) returned 0x0 [0163.611] GetSysColor (nIndex=12) returned 0xababab [0163.611] GetSysColor (nIndex=15) returned 0xf0f0f0 [0163.611] GetSysColor (nIndex=20) returned 0xffffff [0163.611] GetSysColor (nIndex=16) returned 0xa0a0a0 [0163.611] GetSysColor (nIndex=15) returned 0xf0f0f0 [0163.611] GetSysColor (nIndex=16) returned 0xa0a0a0 [0163.611] GetSysColor (nIndex=21) returned 0x696969 [0163.611] GetSysColor (nIndex=22) returned 0xe3e3e3 [0163.611] GetSysColor (nIndex=20) returned 0xffffff [0163.612] GetSysColor (nIndex=18) returned 0x0 [0163.612] GetSysColor (nIndex=1) returned 0x0 [0163.612] GetSysColor (nIndex=27) returned 0xead1b9 [0163.612] GetSysColor (nIndex=28) returned 0xf2e4d7 [0163.612] GetSysColor (nIndex=17) returned 0x6d6d6d [0163.612] GetSysColor (nIndex=13) returned 0xff9933 [0163.612] GetSysColor (nIndex=14) returned 0xffffff [0163.612] GetSysColor (nIndex=26) returned 0xcc6600 [0163.612] GetSysColor (nIndex=11) returned 0xfcf7f4 [0163.612] GetSysColor (nIndex=3) returned 0xdbcdbf [0163.612] GetSysColor (nIndex=19) returned 0x544e43 [0163.612] GetSysColor (nIndex=24) returned 0xe1ffff [0163.612] GetSysColor (nIndex=23) returned 0x0 [0163.612] GetSysColor (nIndex=4) returned 0xf0f0f0 [0163.612] GetSysColor (nIndex=30) returned 0xf0f0f0 [0163.612] GetSysColor (nIndex=29) returned 0xff9933 [0163.612] GetSysColor (nIndex=7) returned 0x0 [0163.612] GetSysColor (nIndex=0) returned 0xc8c8c8 [0163.612] GetSysColor (nIndex=5) returned 0xffffff [0163.612] GetSysColor (nIndex=6) returned 0x646464 [0163.612] GetSysColor (nIndex=8) returned 0x0 [0163.613] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.613] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0163.696] IsAppThemed () returned 0x1 [0163.696] GetThemeAppProperties () returned 0x3 [0163.696] GetThemeAppProperties () returned 0x3 [0163.696] OpenThemeData () returned 0x20002 [0163.698] GetSystemMetrics (nIndex=5) returned 1 [0163.698] GetSystemMetrics (nIndex=6) returned 1 [0163.698] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.699] AdjustWindowRectEx (in: lpRect=0x29e218, dwStyle=0x568100c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e218) returned 1 [0163.749] GetSystemMetrics (nIndex=5) returned 1 [0163.749] GetSystemMetrics (nIndex=6) returned 1 [0163.750] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.750] AdjustWindowRectEx (in: lpRect=0x29e218, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e218) returned 1 [0163.751] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.751] AdjustWindowRectEx (in: lpRect=0x29e218, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e218) returned 1 [0163.751] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.751] AdjustWindowRectEx (in: lpRect=0x29e218, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e218) returned 1 [0163.754] IsAppThemed () returned 0x1 [0163.754] GetThemeAppProperties () returned 0x3 [0163.754] GetThemeAppProperties () returned 0x3 [0163.754] GetSystemMetrics (nIndex=5) returned 1 [0163.754] GetSystemMetrics (nIndex=6) returned 1 [0163.754] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.754] AdjustWindowRectEx (in: lpRect=0x29e218, dwStyle=0x568100c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e218) returned 1 [0163.754] GetSystemMetrics (nIndex=5) returned 1 [0163.754] GetSystemMetrics (nIndex=6) returned 1 [0163.755] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.755] AdjustWindowRectEx (in: lpRect=0x29e218, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e218) returned 1 [0163.755] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x29e2c0) returned 0x0 [0163.755] GdipCreateFont (fontFamily=0x1bd6c5e0, emSize=0x7fef024cd25, style=1, unit=0x3, font=0x220e410) returned 0x0 [0163.755] GdipGetFontSize (font=0x1bd6e7b0, size=0x220e418) returned 0x0 [0163.756] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.756] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0163.756] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.756] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0163.756] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x29e2c0) returned 0x0 [0163.756] GdipCreateFont (fontFamily=0x1bd6c5e0, emSize=0x7fef024cd25, style=1, unit=0x3, font=0x220e880) returned 0x0 [0163.756] GdipGetFontSize (font=0x1bd6e7f0, size=0x220e888) returned 0x0 [0163.756] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.756] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0163.757] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.757] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0163.757] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.757] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0163.757] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0163.757] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0163.911] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe.config", nBufferLength=0x105, lpBuffer=0x29d960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe.config", lpFilePart=0x0) returned 0x33 [0163.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29de20) returned 1 [0163.911] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sf.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x29df00 | out: lpFileInformation=0x29df00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29dde0) returned 1 [0165.389] GdipLoadImageFromStream (stream=0x2d0020, image=0x29d7f0) returned 0x0 [0165.903] GdipImageForceValidation (image=0x1bcbd2e0) returned 0x0 [0165.909] GdipGetImageType (image=0x1bcbd2e0, type=0x29d7e8) returned 0x0 [0165.911] GdipGetImageRawFormat (image=0x1bcbd2e0, format=0x29d6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0165.922] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0165.922] AdjustWindowRectEx (in: lpRect=0x29e218, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e218) returned 1 [0165.923] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0165.923] AdjustWindowRectEx (in: lpRect=0x29e218, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e218) returned 1 [0165.947] GdipLoadImageFromStream (stream=0x2dffa0, image=0x29d7f0) returned 0x0 [0165.950] GdipImageForceValidation (image=0x1c34a190) returned 0x0 [0165.954] GdipGetImageType (image=0x1c34a190, type=0x29d7e8) returned 0x0 [0165.954] GdipGetImageRawFormat (image=0x1c34a190, format=0x29d6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0165.954] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0165.954] AdjustWindowRectEx (in: lpRect=0x29e218, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e218) returned 1 [0165.954] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0165.954] AdjustWindowRectEx (in: lpRect=0x29e218, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e218) returned 1 [0165.954] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x29e2c0) returned 0x0 [0165.955] GdipCreateFont (fontFamily=0x1bd6c5e0, emSize=0x7fef024cd25, style=1, unit=0x3, font=0x223c608) returned 0x0 [0165.955] GdipGetFontSize (font=0x1c34ab20, size=0x223c610) returned 0x0 [0165.955] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0165.955] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0165.955] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0165.955] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0165.955] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x29e2c0) returned 0x0 [0165.956] GdipCreateFont (fontFamily=0x1bd6c5e0, emSize=0x7fef024cd25, style=1, unit=0x3, font=0x223ca38) returned 0x0 [0165.956] GdipGetFontSize (font=0x1c34ab60, size=0x223ca40) returned 0x0 [0165.956] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0165.956] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0165.956] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0165.956] AdjustWindowRectEx (in: lpRect=0x29e1a8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e1a8) returned 1 [0166.033] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.033] AdjustWindowRectEx (in: lpRect=0x29e278, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x29e278) returned 1 [0166.033] GetSystemMetrics (nIndex=59) returned 1460 [0166.033] GetSystemMetrics (nIndex=60) returned 920 [0166.033] GetSystemMetrics (nIndex=34) returned 132 [0166.033] GetSystemMetrics (nIndex=35) returned 38 [0166.033] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.034] AdjustWindowRectEx (in: lpRect=0x29e038, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x29e038) returned 1 [0166.035] GetCurrentThreadId () returned 0x9e0 [0166.035] GetCurrentThreadId () returned 0x9e0 [0166.121] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.123] AdjustWindowRectEx (in: lpRect=0x29df88, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29df88) returned 1 [0166.130] GdipGetFamilyName (in: family=0x1bd6c5e0, name=0x29dcd0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0166.131] CreateCompatibleDC (hdc=0x0) returned 0x190107fc [0166.133] GetCurrentObject (hdc=0x190107fc, type=0x1) returned 0x1b00017 [0166.133] GetCurrentObject (hdc=0x190107fc, type=0x2) returned 0x1900010 [0166.133] GetCurrentObject (hdc=0x190107fc, type=0x7) returned 0x185000f [0166.133] GetCurrentObject (hdc=0x190107fc, type=0x6) returned 0x18a002e [0166.137] SaveDC (hdc=0x190107fc) returned 1 [0166.139] GetDeviceCaps (hdc=0x190107fc, index=90) returned 96 [0166.140] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0166.140] CreateFontIndirectW (lplf=0x1a94b5e0) returned 0x440a01d5 [0166.140] CoTaskMemFree (pv=0x1a94b5e0) [0166.141] GetObjectW (in: h=0x440a01d5, c=92, pv=0x29dce0 | out: pv=0x29dce0) returned 92 [0166.146] GetCurrentObject (hdc=0x190107fc, type=0x6) returned 0x18a002e [0166.146] GetObjectW (in: h=0x18a002e, c=92, pv=0x29dae0 | out: pv=0x29dae0) returned 92 [0166.148] SelectObject (hdc=0x190107fc, h=0x440a01d5) returned 0x18a002e [0166.148] GetMapMode (hdc=0x190107fc) returned 1 [0166.149] GetTextMetricsW (in: hdc=0x190107fc, lptm=0x29dcf0 | out: lptm=0x29dcf0) returned 1 [0166.149] DrawTextExW (in: hdc=0x190107fc, lpchText="Personal Key:", cchText=13, lprc=0x29def8, format=0x2400, lpdtp=0x223d890 | out: lpchText="Personal Key:", lprc=0x29def8) returned 16 [0166.193] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.193] AdjustWindowRectEx (in: lpRect=0x29dff8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29dff8) returned 1 [0166.216] GetCurrentThreadId () returned 0x9e0 [0166.216] GetCurrentThreadId () returned 0x9e0 [0166.216] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.216] AdjustWindowRectEx (in: lpRect=0x29df88, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29df88) returned 1 [0166.217] DrawTextExW (in: hdc=0x190107fc, lpchText="500$ or 0.084 BTC", cchText=17, lprc=0x29def8, format=0x2400, lpdtp=0x223dab0 | out: lpchText="500$ or 0.084 BTC", lprc=0x29def8) returned 16 [0166.218] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.218] AdjustWindowRectEx (in: lpRect=0x29dff8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29dff8) returned 1 [0166.218] GetCurrentThreadId () returned 0x9e0 [0166.218] GetCurrentThreadId () returned 0x9e0 [0166.218] GetCurrentThreadId () returned 0x9e0 [0166.218] GetCurrentThreadId () returned 0x9e0 [0166.218] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.218] AdjustWindowRectEx (in: lpRect=0x29df88, dwStyle=0x4601000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29df88) returned 1 [0166.218] GdipGetFamilyName (in: family=0x1bd6c5e0, name=0x29dcd0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0166.218] GetDeviceCaps (hdc=0x190107fc, index=90) returned 96 [0166.218] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0166.218] CreateFontIndirectW (lplf=0x1a94b5e0) returned 0x350a080a [0166.218] CoTaskMemFree (pv=0x1a94b5e0) [0166.218] GetObjectW (in: h=0x350a080a, c=92, pv=0x29dce0 | out: pv=0x29dce0) returned 92 [0166.228] SelectObject (hdc=0x190107fc, h=0x350a080a) returned 0x440a01d5 [0166.228] GetMapMode (hdc=0x190107fc) returned 1 [0166.228] GetTextMetricsW (in: hdc=0x190107fc, lptm=0x29dcf0 | out: lptm=0x29dcf0) returned 1 [0166.229] DrawTextExW (in: hdc=0x190107fc, lpchText="Transfer Link", cchText=13, lprc=0x29def8, format=0x2400, lpdtp=0x223e310 | out: lpchText="Transfer Link", lprc=0x29def8) returned 13 [0166.240] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.240] AdjustWindowRectEx (in: lpRect=0x29dff8, dwStyle=0x4601000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29dff8) returned 1 [0166.241] GetCurrentThreadId () returned 0x9e0 [0166.241] GetCurrentThreadId () returned 0x9e0 [0166.241] GetCurrentThreadId () returned 0x9e0 [0166.241] GetCurrentThreadId () returned 0x9e0 [0166.241] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.241] AdjustWindowRectEx (in: lpRect=0x29df88, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29df88) returned 1 [0166.241] SelectObject (hdc=0x190107fc, h=0x440a01d5) returned 0x350a080a [0166.241] DrawTextExW (in: hdc=0x190107fc, lpchText="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:", cchText=192, lprc=0x29def8, format=0x2400, lpdtp=0x223e5f8 | out: lpchText="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:", lprc=0x29def8) returned 80 [0166.241] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.241] AdjustWindowRectEx (in: lpRect=0x29dff8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29dff8) returned 1 [0166.241] GetCurrentThreadId () returned 0x9e0 [0166.241] GetCurrentThreadId () returned 0x9e0 [0166.242] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.242] AdjustWindowRectEx (in: lpRect=0x29df88, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29df88) returned 1 [0166.242] GdipGetFamilyName (in: family=0x1bd6c5e0, name=0x29dcd0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0166.242] GetDeviceCaps (hdc=0x190107fc, index=90) returned 96 [0166.242] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0166.242] CreateFontIndirectW (lplf=0x1a94b5e0) returned 0x70a0811 [0166.242] CoTaskMemFree (pv=0x1a94b5e0) [0166.242] GetObjectW (in: h=0x70a0811, c=92, pv=0x29dce0 | out: pv=0x29dce0) returned 92 [0166.242] SelectObject (hdc=0x190107fc, h=0x70a0811) returned 0x440a01d5 [0166.242] GetMapMode (hdc=0x190107fc) returned 1 [0166.242] GetTextMetricsW (in: hdc=0x190107fc, lptm=0x29dcf0 | out: lptm=0x29dcf0) returned 1 [0166.243] DrawTextExW (in: hdc=0x190107fc, lpchText="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.", cchText=102, lprc=0x29def8, format=0x2400, lpdtp=0x223ea50 | out: lpchText="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.", lprc=0x29def8) returned 36 [0166.251] GetCurrentThreadId () returned 0x9e0 [0166.251] GetCurrentThreadId () returned 0x9e0 [0166.251] GetCurrentThreadId () returned 0x9e0 [0166.251] GetCurrentThreadId () returned 0x9e0 [0166.251] GetCurrentThreadId () returned 0x9e0 [0166.251] GetCurrentThreadId () returned 0x9e0 [0166.251] GetCurrentThreadId () returned 0x9e0 [0166.251] GetCurrentThreadId () returned 0x9e0 [0166.251] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0166.251] AdjustWindowRectEx (in: lpRect=0x29df88, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29df88) returned 1 [0166.251] GdipGetFamilyName (in: family=0x1bd6c5e0, name=0x29dcd0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0166.252] GetDeviceCaps (hdc=0x190107fc, index=90) returned 96 [0166.252] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0166.252] CreateFontIndirectW (lplf=0x1a94b5e0) returned 0x90a0809 [0166.252] CoTaskMemFree (pv=0x1a94b5e0) [0166.252] GetObjectW (in: h=0x90a0809, c=92, pv=0x29dce0 | out: pv=0x29dce0) returned 92 [0166.252] SelectObject (hdc=0x190107fc, h=0x90a0809) returned 0x70a0811 [0166.252] GetMapMode (hdc=0x190107fc) returned 1 [0166.252] GetTextMetricsW (in: hdc=0x190107fc, lptm=0x29dcf0 | out: lptm=0x29dcf0) returned 1 [0168.478] DrawTextExW (in: hdc=0x190107fc, lpchText="BlackHat", cchText=8, lprc=0x29def8, format=0x2401, lpdtp=0x223f058 | out: lpchText="BlackHat", lprc=0x29def8) returned 73 [0168.484] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x29e2c0) returned 0x0 [0168.504] GdipCreateFont (fontFamily=0x1bd6c5e0, emSize=0x7fef024cd25, style=1, unit=0x3, font=0x223f248) returned 0x0 [0168.504] GdipGetFontSize (font=0x1c34aba0, size=0x223f250) returned 0x0 [0168.505] CreateCompatibleDC (hdc=0x0) returned 0x701080b [0168.506] GetDC (hWnd=0x0) returned 0xa010808 [0168.506] GdipCreateFromHDC (hdc=0xa010808, graphics=0x29df18) returned 0x0 [0168.506] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0168.506] GdipGetLogFontW (font=0x1c34aba0, graphics=0x1c34abe0, logfontW=0x1a94b5e0) returned 0x0 [0168.507] CoTaskMemFree (pv=0x1a94b5e0) [0168.507] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0168.507] CoTaskMemFree (pv=0x1a94b5e0) [0168.507] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0168.507] CoTaskMemFree (pv=0x1a94b5e0) [0168.507] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0168.507] ReleaseDC (hWnd=0x0, hDC=0xa010808) returned 1 [0168.507] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0168.507] CreateFontIndirectW (lplf=0x1a94b5e0) returned 0x80a0819 [0168.508] CoTaskMemFree (pv=0x1a94b5e0) [0168.508] SelectObject (hdc=0x701080b, h=0x80a0819) returned 0x18a002e [0168.508] GetTextMetricsW (in: hdc=0x701080b, lptm=0x29e158 | out: lptm=0x29e158) returned 1 [0168.508] GetTextExtentPoint32W (in: hdc=0x701080b, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x223ff68 | out: psizl=0x223ff68) returned 1 [0168.509] SelectObject (hdc=0x701080b, h=0x18a002e) returned 0x80a0819 [0168.553] DeleteDC (hdc=0x701080b) returned 1 [0168.554] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.554] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0168.554] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.554] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0168.555] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.555] AdjustWindowRectEx (in: lpRect=0x29dc38, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29dc38) returned 1 [0168.555] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.555] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0168.555] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.555] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0168.555] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.555] AdjustWindowRectEx (in: lpRect=0x29dc38, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29dc38) returned 1 [0168.555] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.555] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x46000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0168.556] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.556] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x46000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0168.556] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.556] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x4601000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0168.556] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.556] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x4601000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0168.556] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.556] AdjustWindowRectEx (in: lpRect=0x29dc38, dwStyle=0x4601000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29dc38) returned 1 [0168.557] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.557] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0168.557] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.557] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0168.557] GetSystemMetrics (nIndex=5) returned 1 [0168.557] GetSystemMetrics (nIndex=6) returned 1 [0168.557] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.557] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0168.557] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.557] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0168.557] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.557] AdjustWindowRectEx (in: lpRect=0x29dc38, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29dc38) returned 1 [0168.558] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.558] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0168.558] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.558] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0168.558] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.558] AdjustWindowRectEx (in: lpRect=0x29dc38, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29dc38) returned 1 [0168.558] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.558] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0168.558] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.558] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0168.559] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.559] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0168.559] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.559] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0168.559] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.559] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0168.559] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.559] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0168.559] GetSystemMetrics (nIndex=5) returned 1 [0168.559] GetSystemMetrics (nIndex=6) returned 1 [0168.559] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.559] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0168.560] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.560] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0168.560] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.560] AdjustWindowRectEx (in: lpRect=0x29dc38, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29dc38) returned 1 [0168.618] DeleteObject (ho=0x80a0819) returned 1 [0168.618] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.618] AdjustWindowRectEx (in: lpRect=0x29df28, dwStyle=0x4601000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29df28) returned 1 [0168.618] GdipGetFamilyName (in: family=0x1bd6c5e0, name=0x29dc70, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0168.618] GetDeviceCaps (hdc=0x190107fc, index=90) returned 96 [0168.618] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0168.618] CreateFontIndirectW (lplf=0x1a94b5e0) returned 0x90a0819 [0168.618] CoTaskMemFree (pv=0x1a94b5e0) [0168.619] GetObjectW (in: h=0x90a0819, c=92, pv=0x29dc80 | out: pv=0x29dc80) returned 92 [0168.619] SelectObject (hdc=0x190107fc, h=0x90a0819) returned 0x90a0809 [0168.619] GetMapMode (hdc=0x190107fc) returned 1 [0168.619] GetTextMetricsW (in: hdc=0x190107fc, lptm=0x29dc90 | out: lptm=0x29dc90) returned 1 [0168.619] DrawTextExW (in: hdc=0x190107fc, lpchText="Transfer Link", cchText=13, lprc=0x29de98, format=0x2400, lpdtp=0x2240fd0 | out: lpchText="Transfer Link", lprc=0x29de98) returned 13 [0168.627] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.627] AdjustWindowRectEx (in: lpRect=0x29df98, dwStyle=0x4601000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29df98) returned 1 [0168.627] GetDC (hWnd=0x0) returned 0xa010808 [0168.627] GdipCreateFromHDC (hdc=0xa010808, graphics=0x29dfc8) returned 0x0 [0168.628] GdipGetFontHeight (font=0x1c34aba0, graphics=0x1c34abe0, height=0x29dfc4) returned 0x0 [0168.628] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0168.628] ReleaseDC (hWnd=0x0, hDC=0xa010808) returned 1 [0168.628] GetSystemMetrics (nIndex=5) returned 1 [0168.628] GetSystemMetrics (nIndex=6) returned 1 [0168.628] GetSystemMetrics (nIndex=5) returned 1 [0168.628] GetSystemMetrics (nIndex=6) returned 1 [0168.628] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.628] AdjustWindowRectEx (in: lpRect=0x29e078, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e078) returned 1 [0168.822] GetSystemMetrics (nIndex=5) returned 1 [0168.822] GetSystemMetrics (nIndex=6) returned 1 [0168.822] GetSystemMetrics (nIndex=5) returned 1 [0168.822] GetSystemMetrics (nIndex=6) returned 1 [0168.822] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.822] AdjustWindowRectEx (in: lpRect=0x29e078, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e078) returned 1 [0168.823] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.823] AdjustWindowRectEx (in: lpRect=0x29e080, dwStyle=0x2cb0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x29e080) returned 1 [0168.823] AdjustWindowRectEx (in: lpRect=0x29e1f8, dwStyle=0x2cb0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x29e1f8) returned 1 [0168.823] GetSystemMetrics (nIndex=59) returned 1460 [0168.823] GetSystemMetrics (nIndex=60) returned 920 [0168.823] GetSystemMetrics (nIndex=34) returned 132 [0168.823] GetSystemMetrics (nIndex=35) returned 38 [0168.823] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0168.823] AdjustWindowRectEx (in: lpRect=0x29de30, dwStyle=0x2cb0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x29de30) returned 1 [0168.823] AdjustWindowRectEx (in: lpRect=0x29dfb8, dwStyle=0x2cb0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x29dfb8) returned 1 [0169.416] GetSystemMetrics (nIndex=11) returned 32 [0169.416] GetSystemMetrics (nIndex=12) returned 32 [0169.416] GetDC (hWnd=0x0) returned 0xa010808 [0169.416] GetDeviceCaps (hdc=0xa010808, index=12) returned 32 [0169.416] GetDeviceCaps (hdc=0xa010808, index=14) returned 1 [0169.416] ReleaseDC (hWnd=0x0, hDC=0xa010808) returned 1 [0169.417] CreateIconFromResourceEx (presbits=0x224f8f0, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x200f1 [0169.459] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0169.459] AdjustWindowRectEx (in: lpRect=0x29ddb0, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x10001 | out: lpRect=0x29ddb0) returned 1 [0169.459] GetCursorPos (in: lpPoint=0x2250ca0 | out: lpPoint=0x2250ca0*(x=343, y=111)) returned 1 [0169.548] GetSystemMetrics (nIndex=80) returned 1 [0169.549] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x29db60 | out: lpmi=0x29db60) returned 1 [0169.549] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x1401081c [0169.550] GetDeviceCaps (hdc=0x1401081c, index=12) returned 32 [0169.550] GetDeviceCaps (hdc=0x1401081c, index=14) returned 1 [0169.550] DeleteDC (hdc=0x1401081c) returned 1 [0169.550] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x29dc30 | out: lpmi=0x29dc30) returned 1 [0169.550] AdjustWindowRectEx (in: lpRect=0x29e030, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x10001 | out: lpRect=0x29e030) returned 1 [0169.550] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0169.550] AdjustWindowRectEx (in: lpRect=0x29dca0, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x10001 | out: lpRect=0x29dca0) returned 1 [0169.550] GetCursorPos (in: lpPoint=0x2251108 | out: lpPoint=0x2251108*(x=343, y=111)) returned 1 [0169.550] MonitorFromPoint (pt=0x7000000157, dwFlags=0x2) returned 0x10001 [0169.550] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x29da50 | out: lpmi=0x29da50) returned 1 [0169.550] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x1501081c [0169.550] GetDeviceCaps (hdc=0x1501081c, index=12) returned 32 [0169.550] GetDeviceCaps (hdc=0x1501081c, index=14) returned 1 [0169.551] DeleteDC (hdc=0x1501081c) returned 1 [0169.551] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x29db20 | out: lpmi=0x29db20) returned 1 [0169.551] AdjustWindowRectEx (in: lpRect=0x29de20, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x10001 | out: lpRect=0x29de20) returned 1 [0169.551] GetSystemMetrics (nIndex=34) returned 132 [0169.551] GetSystemMetrics (nIndex=35) returned 38 [0169.551] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0169.551] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x4601000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0169.551] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0169.551] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x4601000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0169.551] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0169.551] AdjustWindowRectEx (in: lpRect=0x29dc38, dwStyle=0x4601000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29dc38) returned 1 [0169.551] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0169.551] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0169.551] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0169.551] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0169.552] GetSystemMetrics (nIndex=5) returned 1 [0169.552] GetSystemMetrics (nIndex=6) returned 1 [0169.552] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0169.552] AdjustWindowRectEx (in: lpRect=0x29e040, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29e040) returned 1 [0169.552] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fef4920000 [0169.552] AdjustWindowRectEx (in: lpRect=0x29de90, dwStyle=0x568108c0, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de90) returned 1 [0169.552] GetSystemMetrics (nIndex=5) returned 1 [0169.552] GetSystemMetrics (nIndex=6) returned 1 [0169.557] GetCurrentActCtx (in: lphActCtx=0x29eb00 | out: lphActCtx=0x29eb00*=0x0) returned 1 [0169.557] ActivateActCtx (in: hActCtx=0x1a94f918, lpCookie=0x29eb40 | out: hActCtx=0x1a94f918, lpCookie=0x29eb40) returned 1 [0169.557] GetCurrentActCtx (in: lphActCtx=0x29e790 | out: lphActCtx=0x29e790*=0x1a94f918) returned 1 [0169.557] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0169.557] AdjustWindowRectEx (in: lpRect=0x29e6b0, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x10001 | out: lpRect=0x29e6b0) returned 1 [0169.557] GetCursorPos (in: lpPoint=0x2251d48 | out: lpPoint=0x2251d48*(x=343, y=111)) returned 1 [0169.557] MonitorFromPoint (pt=0x6f00000157, dwFlags=0x2) returned 0x10001 [0169.557] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x29e460 | out: lpmi=0x29e460) returned 1 [0169.558] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x1601081c [0169.558] GetDeviceCaps (hdc=0x1601081c, index=12) returned 32 [0169.558] GetDeviceCaps (hdc=0x1601081c, index=14) returned 1 [0169.558] DeleteDC (hdc=0x1601081c) returned 1 [0169.558] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x29e530 | out: lpmi=0x29e530) returned 1 [0169.558] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.558] CreateWindowExW (dwExStyle=0x10001, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r12_ad1", lpWindowName="BlackHat - Your Personal Files Crypted.", dwStyle=0x2c80000, X=353, Y=148, nWidth=733, nHeight=564, hWndParent=0x0, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x501ac [0169.558] SetWindowLongPtrW (hWnd=0x501ac, nIndex=-4, dwNewLong=0x7769b0ac) returned 0x1b0113ec [0169.558] GetWindowLongPtrW (hWnd=0x501ac, nIndex=-4) returned 0x7769b0ac [0169.558] SetWindowLongPtrW (hWnd=0x501ac, nIndex=-4, dwNewLong=0x1b011c3c) returned 0x7769b0ac [0169.558] GetWindowLongPtrW (hWnd=0x501ac, nIndex=-4) returned 0x1b011c3c [0169.558] GetWindowLongPtrW (hWnd=0x501ac, nIndex=-16) returned 0x6c80000 [0169.558] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x81, wParam=0x0, lParam=0x29de50) returned 0x1 [0169.559] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x83, wParam=0x0, lParam=0x29df00) returned 0x0 [0169.655] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x1, wParam=0x0, lParam=0x29ddf0) returned 0x0 [0169.655] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d870 | out: lpRect=0x29d870) returned 1 [0169.655] GetWindowRect (in: hWnd=0x501ac, lpRect=0x29d870 | out: lpRect=0x29d870) returned 1 [0169.655] SetWindowTextW (hWnd=0x501ac, lpString="BlackHat - Your Personal Files Crypted.") returned 1 [0169.655] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xc, wParam=0x0, lParam=0x2250b9c) returned 0x1 [0169.656] GetStartupInfoW (in: lpStartupInfo=0x22521d0 | out: lpStartupInfo=0x22521d0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0169.657] GetParent (hWnd=0x501ac) returned 0x0 [0169.657] GetStockObject (i=5) returned 0x1900015 [0169.658] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.658] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0169.658] RegisterClassW (lpWndClass=0x29e480) returned 0xc13c [0169.658] CoTaskMemFree (pv=0x1a94b5e0) [0169.658] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.658] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r12_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x301b0 [0169.658] SetWindowLongPtrW (hWnd=0x301b0, nIndex=-4, dwNewLong=0x7769b0ac) returned 0x1b011c8c [0169.658] GetWindowLongPtrW (hWnd=0x301b0, nIndex=-4) returned 0x7769b0ac [0169.658] SetWindowLongPtrW (hWnd=0x301b0, nIndex=-4, dwNewLong=0x1b011cdc) returned 0x7769b0ac [0169.658] GetWindowLongPtrW (hWnd=0x301b0, nIndex=-4) returned 0x1b011cdc [0169.658] GetWindowLongPtrW (hWnd=0x301b0, nIndex=-16) returned 0x4c00000 [0169.658] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x24, wParam=0x0, lParam=0x29def0) returned 0x0 [0169.659] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x81, wParam=0x0, lParam=0x29de60) returned 0x1 [0169.659] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x83, wParam=0x0, lParam=0x29df10) returned 0x0 [0169.659] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x1, wParam=0x0, lParam=0x29de60) returned 0x0 [0169.659] SetWindowLongPtrW (hWnd=0x501ac, nIndex=-8, dwNewLong=0x301b0) returned 0x0 [0169.659] SendMessageW (hWnd=0x501ac, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x0 [0169.659] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x0 [0169.660] SendMessageW (hWnd=0x501ac, Msg=0x80, wParam=0x1, lParam=0x0) returned 0x0 [0169.660] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x80, wParam=0x1, lParam=0x0) returned 0x0 [0169.662] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0169.662] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0169.662] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0169.664] GetSystemMenu (hWnd=0x501ac, bRevert=0) returned 0xb006b [0169.665] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29e798 | out: lpwndpl=0x29e798) returned 1 [0169.666] EnableMenuItem (hMenu=0xb006b, uIDEnableItem=0xf020, uEnable=0x1) returned 0 [0169.666] EnableMenuItem (hMenu=0xb006b, uIDEnableItem=0xf030, uEnable=0x1) returned 0 [0169.666] EnableMenuItem (hMenu=0xb006b, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0169.666] EnableMenuItem (hMenu=0xb006b, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0169.666] EnableMenuItem (hMenu=0xb006b, uIDEnableItem=0xf000, uEnable=0x1) returned 0 [0169.666] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e860 | out: lpRect=0x29e860) returned 1 [0169.666] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e790 | out: lpRect=0x29e790) returned 1 [0169.666] GetWindowRect (in: hWnd=0x501ac, lpRect=0x29e790 | out: lpRect=0x29e790) returned 1 [0169.666] SetWindowLongPtrW (hWnd=0x501ac, nIndex=-8, dwNewLong=0x301b0) returned 0x301b0 [0169.668] SendMessageW (hWnd=0x301b0, Msg=0x80, wParam=0x1, lParam=0x200f1) returned 0x0 [0169.668] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x80, wParam=0x1, lParam=0x200f1) returned 0x0 [0169.669] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0xd, wParam=0x104, lParam=0x1ae05330) returned 0x0 [0169.669] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0xd, wParam=0x104, lParam=0x1ae05330) returned 0x0 [0169.669] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0169.669] GetWindowLongPtrW (hWnd=0x501ac, nIndex=-16) returned 0x6c80000 [0169.669] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0169.669] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0169.670] GetSystemMetrics (nIndex=42) returned 0 [0169.670] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29e550, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0169.670] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29e550) returned 0x27 [0169.670] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0169.670] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0169.670] GetSystemMetrics (nIndex=42) returned 0 [0169.670] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29e550, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0169.670] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29e550) returned 0x27 [0169.670] GetCursorPos (in: lpPoint=0x2252a08 | out: lpPoint=0x2252a08*(x=343, y=111)) returned 1 [0169.670] MonitorFromPoint (pt=0x700000015a, dwFlags=0x2) returned 0x10001 [0169.670] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x29e430 | out: lpmi=0x29e430) returned 1 [0169.671] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x2301081c [0169.671] GetDeviceCaps (hdc=0x2301081c, index=12) returned 32 [0169.671] GetDeviceCaps (hdc=0x2301081c, index=14) returned 1 [0169.671] DeleteDC (hdc=0x2301081c) returned 1 [0169.671] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x29e500 | out: lpmi=0x29e500) returned 1 [0169.671] GetWindowLongPtrW (hWnd=0x501ac, nIndex=-16) returned 0x6c80000 [0169.671] GetWindowLongPtrW (hWnd=0x501ac, nIndex=-20) returned 0x10101 [0169.671] SetWindowLongPtrW (hWnd=0x501ac, nIndex=-16, dwNewLong=0x2c80000) returned 0x6c80000 [0169.671] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0x29e670) returned 0x0 [0169.671] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0x29e670) returned 0x0 [0169.671] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0169.671] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0169.671] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0169.671] SetWindowLongPtrW (hWnd=0x501ac, nIndex=-20, dwNewLong=0x10001) returned 0x10101 [0169.672] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7c, wParam=0xffffffffffffffec, lParam=0x29e670) returned 0x0 [0169.672] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7d, wParam=0xffffffffffffffec, lParam=0x29e670) returned 0x0 [0169.672] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0169.672] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0169.672] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0169.672] SetWindowPos (hWnd=0x501ac, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0169.672] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x46, wParam=0x0, lParam=0x29e6c0) returned 0x0 [0169.672] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x83, wParam=0x1, lParam=0x29e690) returned 0x0 [0169.673] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29e298 | out: lpwndpl=0x29e298) returned 1 [0169.673] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x47, wParam=0x0, lParam=0x29e6c0) returned 0x0 [0169.673] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e130 | out: lpRect=0x29e130) returned 1 [0169.673] GetWindowRect (in: hWnd=0x501ac, lpRect=0x29e130 | out: lpRect=0x29e130) returned 1 [0169.674] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0169.674] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0169.674] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0169.777] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x83, wParam=0x1, lParam=0x29e020) returned 0x0 [0169.777] RedrawWindow (hWnd=0x501ac, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0169.778] GetSystemMenu (hWnd=0x501ac, bRevert=0) returned 0xb006b [0169.778] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29e738 | out: lpwndpl=0x29e738) returned 1 [0169.778] EnableMenuItem (hMenu=0xb006b, uIDEnableItem=0xf020, uEnable=0x1) returned 1 [0169.778] EnableMenuItem (hMenu=0xb006b, uIDEnableItem=0xf030, uEnable=0x1) returned 1 [0169.778] EnableMenuItem (hMenu=0xb006b, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0169.779] EnableMenuItem (hMenu=0xb006b, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0169.779] EnableMenuItem (hMenu=0xb006b, uIDEnableItem=0xf000, uEnable=0x1) returned 1 [0169.779] ShowWindow (hWnd=0x501ac, nCmdShow=5) returned 0 [0169.779] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0169.780] GetCurrentActCtx (in: lphActCtx=0x29e180 | out: lphActCtx=0x29e180*=0x1a94f918) returned 1 [0169.780] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0169.783] GetClassInfoW (in: hInstance=0x0, lpClassName="STATIC", lpWndClass=0x2252e80 | out: lpWndClass=0x2252e80) returned 1 [0169.784] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.784] CoTaskMemAlloc (cb=0x58) returned 0x1a95fd30 [0169.784] RegisterClassW (lpWndClass=0x29de60) returned 0xc0e3 [0169.784] CoTaskMemFree (pv=0x1a95fd30) [0169.784] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.784] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r12_ad1", lpWindowName="Personal Key:", dwStyle=0x5600000d, X=12, Y=133, nWidth=103, nHeight=16, hWndParent=0x501ac, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x301b2 [0169.784] SetWindowLongPtrW (hWnd=0x301b2, nIndex=-4, dwNewLong=0x7fefc1961b4) returned 0x1b011d2c [0169.784] GetWindowLongPtrW (hWnd=0x301b2, nIndex=-4) returned 0x7fefc1961b4 [0169.785] SetWindowLongPtrW (hWnd=0x301b2, nIndex=-4, dwNewLong=0x1b011d7c) returned 0x7fefc1961b4 [0169.785] GetWindowLongPtrW (hWnd=0x301b2, nIndex=-4) returned 0x1b011d7c [0169.785] GetWindowLongPtrW (hWnd=0x301b2, nIndex=-16) returned 0x4600000d [0169.785] GetWindowLongPtrW (hWnd=0x301b2, nIndex=-12) returned 0x0 [0169.785] SetWindowLongPtrW (hWnd=0x301b2, nIndex=-12, dwNewLong=0x301b2) returned 0x0 [0169.785] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x81, wParam=0x0, lParam=0x29d840) returned 0x1 [0169.785] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x83, wParam=0x0, lParam=0x29d8f0) returned 0x0 [0169.785] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x1, wParam=0x0, lParam=0x29d810) returned 0x0 [0169.786] GetWindow (hWnd=0x301b2, uCmd=0x3) returned 0x0 [0169.786] GetClientRect (in: hWnd=0x301b2, lpRect=0x29d250 | out: lpRect=0x29d250) returned 1 [0169.786] GetWindowRect (in: hWnd=0x301b2, lpRect=0x29d250 | out: lpRect=0x29d250) returned 1 [0169.786] GetParent (hWnd=0x301b2) returned 0x501ac [0169.787] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d250, cPoints=0x2 | out: lpPoints=0x29d250) returned -11272548 [0169.787] SetWindowTextW (hWnd=0x301b2, lpString="Personal Key:") returned 1 [0169.787] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0xc, wParam=0x0, lParam=0x223cda4) returned 0x1 [0169.787] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x5, wParam=0x0, lParam=0x100067) returned 0x0 [0169.788] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x3, wParam=0x0, lParam=0x85000c) returned 0x0 [0169.788] GetClientRect (in: hWnd=0x301b2, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0169.788] GetWindowRect (in: hWnd=0x301b2, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0169.788] GetParent (hWnd=0x301b2) returned 0x501ac [0169.788] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d390, cPoints=0x2 | out: lpPoints=0x29d390) returned -11272548 [0169.790] SendMessageW (hWnd=0x301b2, Msg=0x2210, wParam=0x1b20001, lParam=0x301b2) returned 0x0 [0169.790] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x2210, wParam=0x1b20001, lParam=0x301b2) returned 0x0 [0169.790] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0169.790] GetParent (hWnd=0x301b2) returned 0x501ac [0169.790] GetCurrentActCtx (in: lphActCtx=0x29e180 | out: lphActCtx=0x29e180*=0x1a94f918) returned 1 [0169.790] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0169.790] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.790] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r12_ad1", lpWindowName="500$ or 0.084 BTC", dwStyle=0x5600000d, X=289, Y=378, nWidth=131, nHeight=16, hWndParent=0x501ac, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x301ae [0169.790] SetWindowLongPtrW (hWnd=0x301ae, nIndex=-4, dwNewLong=0x7fefc1961b4) returned 0x1b011d2c [0169.790] GetWindowLongPtrW (hWnd=0x301ae, nIndex=-4) returned 0x7fefc1961b4 [0169.791] SetWindowLongPtrW (hWnd=0x301ae, nIndex=-4, dwNewLong=0x1b011dcc) returned 0x7fefc1961b4 [0169.791] GetWindowLongPtrW (hWnd=0x301ae, nIndex=-4) returned 0x1b011dcc [0169.791] GetWindowLongPtrW (hWnd=0x301ae, nIndex=-16) returned 0x4600000d [0169.791] GetWindowLongPtrW (hWnd=0x301ae, nIndex=-12) returned 0x0 [0169.791] SetWindowLongPtrW (hWnd=0x301ae, nIndex=-12, dwNewLong=0x301ae) returned 0x0 [0169.791] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x81, wParam=0x0, lParam=0x29d840) returned 0x1 [0169.791] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x83, wParam=0x0, lParam=0x29d8f0) returned 0x0 [0169.791] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x1, wParam=0x0, lParam=0x29d810) returned 0x0 [0169.791] GetWindow (hWnd=0x301ae, uCmd=0x3) returned 0x301b2 [0169.791] GetClientRect (in: hWnd=0x301ae, lpRect=0x29d250 | out: lpRect=0x29d250) returned 1 [0169.791] GetWindowRect (in: hWnd=0x301ae, lpRect=0x29d250 | out: lpRect=0x29d250) returned 1 [0169.791] GetParent (hWnd=0x301ae) returned 0x501ac [0169.791] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d250, cPoints=0x2 | out: lpPoints=0x29d250) returned -11272548 [0169.792] SetWindowTextW (hWnd=0x301ae, lpString="500$ or 0.084 BTC") returned 1 [0169.792] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0xc, wParam=0x0, lParam=0x223c974) returned 0x1 [0169.792] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x5, wParam=0x0, lParam=0x100083) returned 0x0 [0169.792] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x3, wParam=0x0, lParam=0x17a0121) returned 0x0 [0169.792] GetClientRect (in: hWnd=0x301ae, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0169.792] GetWindowRect (in: hWnd=0x301ae, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0169.792] GetParent (hWnd=0x301ae) returned 0x501ac [0169.792] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d390, cPoints=0x2 | out: lpPoints=0x29d390) returned -11272548 [0169.792] SendMessageW (hWnd=0x301ae, Msg=0x2210, wParam=0x1ae0001, lParam=0x301ae) returned 0x0 [0169.792] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x2210, wParam=0x1ae0001, lParam=0x301ae) returned 0x0 [0169.792] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0169.792] GetParent (hWnd=0x301ae) returned 0x501ac [0169.792] GetCurrentActCtx (in: lphActCtx=0x29e140 | out: lphActCtx=0x29e140*=0x1a94f918) returned 1 [0169.793] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0169.793] GetClassInfoW (in: hInstance=0x0, lpClassName="EDIT", lpWndClass=0x2253508 | out: lpWndClass=0x2253508) returned 1 [0169.793] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.793] CoTaskMemAlloc (cb=0x54) returned 0x1a95fd30 [0169.793] RegisterClassW (lpWndClass=0x29de20) returned 0xc13a [0169.793] CoTaskMemFree (pv=0x1a95fd30) [0169.793] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.793] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.EDIT.app.0.141b42a_r12_ad1", lpWindowName="39PAvwFUa4EZaUpZ1RLpXafSSxW2kX9sgC", dwStyle=0x568108c0, X=205, Y=439, nWidth=364, nHeight=19, hWndParent=0x501ac, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x301b4 [0169.794] SetWindowLongPtrW (hWnd=0x301b4, nIndex=-4, dwNewLong=0x7fefc19975c) returned 0x1b011e1c [0169.794] GetWindowLongPtrW (hWnd=0x301b4, nIndex=-4) returned 0x7fefc19975c [0169.794] SetWindowLongPtrW (hWnd=0x301b4, nIndex=-4, dwNewLong=0x1b011e6c) returned 0x7fefc19975c [0169.794] GetWindowLongPtrW (hWnd=0x301b4, nIndex=-4) returned 0x1b011e6c [0169.794] GetWindowLongPtrW (hWnd=0x301b4, nIndex=-16) returned 0x468108c0 [0169.794] GetWindowLongPtrW (hWnd=0x301b4, nIndex=-12) returned 0x0 [0169.794] SetWindowLongPtrW (hWnd=0x301b4, nIndex=-12, dwNewLong=0x301b4) returned 0x0 [0169.794] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x81, wParam=0x0, lParam=0x29d800) returned 0x1 [0169.794] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0x29cf60) returned 0x0 [0169.887] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0x29cf60) returned 0x1 [0169.888] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x83, wParam=0x0, lParam=0x29d8b0) returned 0x0 [0169.888] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x1, wParam=0x0, lParam=0x29d7b0) returned 0x1 [0169.889] SendMessageW (hWnd=0x301b4, Msg=0x2111, wParam=0x40001b4, lParam=0x301b4) returned 0x0 [0169.889] SendMessageW (hWnd=0x301b4, Msg=0x2111, wParam=0x30001b4, lParam=0x301b4) returned 0x0 [0169.889] SendMessageW (hWnd=0x301b4, Msg=0x2055, wParam=0x301b4, lParam=0x3) returned 0x2 [0169.889] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x0 [0169.889] GetWindow (hWnd=0x301b4, uCmd=0x3) returned 0x301ae [0169.889] GetClientRect (in: hWnd=0x301b4, lpRect=0x29d220 | out: lpRect=0x29d220) returned 1 [0169.889] GetWindowRect (in: hWnd=0x301b4, lpRect=0x29d220 | out: lpRect=0x29d220) returned 1 [0169.889] GetParent (hWnd=0x301b4) returned 0x501ac [0169.889] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d220, cPoints=0x2 | out: lpPoints=0x29d220) returned -11272548 [0169.889] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0169.889] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0169.889] GetSystemMetrics (nIndex=42) returned 0 [0169.889] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cee0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0169.889] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cee0) returned 0x27 [0169.891] GetDC (hWnd=0x0) returned 0x7010804 [0169.891] GdipCreateFromHDC (hdc=0x7010804, graphics=0x29ce78) returned 0x0 [0169.891] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0169.891] GdipGetLogFontW (font=0x1c34aba0, graphics=0x1c34abe0, logfontW=0x1a94b5e0) returned 0x0 [0169.892] CoTaskMemFree (pv=0x1a94b5e0) [0169.892] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0169.892] CoTaskMemFree (pv=0x1a94b5e0) [0169.892] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0169.892] CoTaskMemFree (pv=0x1a94b5e0) [0169.892] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0169.892] ReleaseDC (hWnd=0x0, hDC=0x7010804) returned 1 [0169.892] CoTaskMemAlloc (cb=0x5c) returned 0x1a94b5e0 [0169.892] CreateFontIndirectW (lplf=0x1a94b5e0) returned 0x280a07ba [0169.892] CoTaskMemFree (pv=0x1a94b5e0) [0169.892] SendMessageW (hWnd=0x301b4, Msg=0x30, wParam=0x280a07ba, lParam=0x0) returned 0x1 [0169.892] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x30, wParam=0x280a07ba, lParam=0x0) returned 0x1 [0169.893] SendMessageW (hWnd=0x301b4, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0169.893] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0169.893] SetWindowTextW (hWnd=0x301b4, lpString="39PAvwFUa4EZaUpZ1RLpXafSSxW2kX9sgC") returned 1 [0169.893] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0xc, wParam=0x0, lParam=0x220e1d4) returned 0x1 [0169.894] SendMessageW (hWnd=0x301b4, Msg=0x2111, wParam=0x40001b4, lParam=0x301b4) returned 0x0 [0169.894] SendMessageW (hWnd=0x301b4, Msg=0x2111, wParam=0x30001b4, lParam=0x301b4) returned 0x0 [0169.894] GetSystemMetrics (nIndex=5) returned 1 [0169.894] GetSystemMetrics (nIndex=6) returned 1 [0169.894] SendMessageW (hWnd=0x301b4, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0169.894] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0169.894] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x5, wParam=0x0, lParam=0x13016c) returned 0x0 [0169.894] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x3, wParam=0x0, lParam=0x1b700cd) returned 0x0 [0169.894] GetClientRect (in: hWnd=0x301b4, lpRect=0x29d380 | out: lpRect=0x29d380) returned 1 [0169.894] GetWindowRect (in: hWnd=0x301b4, lpRect=0x29d380 | out: lpRect=0x29d380) returned 1 [0169.894] GetParent (hWnd=0x301b4) returned 0x501ac [0169.894] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d380, cPoints=0x2 | out: lpPoints=0x29d380) returned -11272548 [0169.894] SendMessageW (hWnd=0x301b4, Msg=0x2210, wParam=0x1b40001, lParam=0x301b4) returned 0x0 [0169.894] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x2210, wParam=0x1b40001, lParam=0x301b4) returned 0x0 [0169.894] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0169.894] GetParent (hWnd=0x301b4) returned 0x501ac [0169.894] GetCurrentActCtx (in: lphActCtx=0x29e180 | out: lphActCtx=0x29e180*=0x1a94f918) returned 1 [0169.895] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0169.895] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.895] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r12_ad1", lpWindowName="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:", dwStyle=0x5600000d, X=37, Y=378, nWidth=675, nHeight=80, hWndParent=0x501ac, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x201b8 [0169.895] SetWindowLongPtrW (hWnd=0x201b8, nIndex=-4, dwNewLong=0x7fefc1961b4) returned 0x1b011d2c [0169.895] GetWindowLongPtrW (hWnd=0x201b8, nIndex=-4) returned 0x7fefc1961b4 [0169.895] SetWindowLongPtrW (hWnd=0x201b8, nIndex=-4, dwNewLong=0x1b011ebc) returned 0x7fefc1961b4 [0169.895] GetWindowLongPtrW (hWnd=0x201b8, nIndex=-4) returned 0x1b011ebc [0169.895] GetWindowLongPtrW (hWnd=0x201b8, nIndex=-16) returned 0x4600000d [0169.895] GetWindowLongPtrW (hWnd=0x201b8, nIndex=-12) returned 0x0 [0169.895] SetWindowLongPtrW (hWnd=0x201b8, nIndex=-12, dwNewLong=0x201b8) returned 0x0 [0169.895] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x81, wParam=0x0, lParam=0x29d840) returned 0x1 [0169.896] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x83, wParam=0x0, lParam=0x29d8f0) returned 0x0 [0169.896] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x1, wParam=0x0, lParam=0x29d6b0) returned 0x0 [0169.896] GetWindow (hWnd=0x201b8, uCmd=0x3) returned 0x301b4 [0169.896] GetClientRect (in: hWnd=0x201b8, lpRect=0x29d0f0 | out: lpRect=0x29d0f0) returned 1 [0169.896] GetWindowRect (in: hWnd=0x201b8, lpRect=0x29d0f0 | out: lpRect=0x29d0f0) returned 1 [0169.896] GetParent (hWnd=0x201b8) returned 0x501ac [0169.896] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d0f0, cPoints=0x2 | out: lpPoints=0x29d0f0) returned -11272548 [0169.897] SetWindowTextW (hWnd=0x201b8, lpString="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:") returned 1 [0169.897] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0xc, wParam=0x0, lParam=0x220eb9c) returned 0x1 [0169.897] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x5, wParam=0x0, lParam=0x5002a3) returned 0x0 [0169.897] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x3, wParam=0x0, lParam=0x17a0025) returned 0x0 [0169.897] GetClientRect (in: hWnd=0x201b8, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0169.897] GetWindowRect (in: hWnd=0x201b8, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0169.897] GetParent (hWnd=0x201b8) returned 0x501ac [0169.897] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d390, cPoints=0x2 | out: lpPoints=0x29d390) returned -11272548 [0169.897] SendMessageW (hWnd=0x201b8, Msg=0x2210, wParam=0x1b80001, lParam=0x201b8) returned 0x0 [0169.897] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x2210, wParam=0x1b80001, lParam=0x201b8) returned 0x0 [0169.897] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0169.897] GetParent (hWnd=0x201b8) returned 0x501ac [0169.897] GetCurrentActCtx (in: lphActCtx=0x29e180 | out: lphActCtx=0x29e180*=0x1a94f918) returned 1 [0169.897] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0169.898] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.898] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r12_ad1", lpWindowName="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.", dwStyle=0x5600000d, X=181, Y=280, nWidth=419, nHeight=36, hWndParent=0x501ac, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x201e8 [0169.898] SetWindowLongPtrW (hWnd=0x201e8, nIndex=-4, dwNewLong=0x7fefc1961b4) returned 0x1b011d2c [0169.899] GetWindowLongPtrW (hWnd=0x201e8, nIndex=-4) returned 0x7fefc1961b4 [0169.899] SetWindowLongPtrW (hWnd=0x201e8, nIndex=-4, dwNewLong=0x1b011f0c) returned 0x7fefc1961b4 [0169.899] GetWindowLongPtrW (hWnd=0x201e8, nIndex=-4) returned 0x1b011f0c [0169.899] GetWindowLongPtrW (hWnd=0x201e8, nIndex=-16) returned 0x4600000d [0169.899] GetWindowLongPtrW (hWnd=0x201e8, nIndex=-12) returned 0x0 [0169.899] SetWindowLongPtrW (hWnd=0x201e8, nIndex=-12, dwNewLong=0x201e8) returned 0x0 [0169.899] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x81, wParam=0x0, lParam=0x29d840) returned 0x1 [0169.899] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x83, wParam=0x0, lParam=0x29d8f0) returned 0x0 [0169.899] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x1, wParam=0x0, lParam=0x29d760) returned 0x0 [0169.899] GetWindow (hWnd=0x201e8, uCmd=0x3) returned 0x201b8 [0169.899] GetClientRect (in: hWnd=0x201e8, lpRect=0x29d1a0 | out: lpRect=0x29d1a0) returned 1 [0169.899] GetWindowRect (in: hWnd=0x201e8, lpRect=0x29d1a0 | out: lpRect=0x29d1a0) returned 1 [0169.899] GetParent (hWnd=0x201e8) returned 0x501ac [0169.899] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d1a0, cPoints=0x2 | out: lpPoints=0x29d1a0) returned -11272548 [0169.900] SetWindowTextW (hWnd=0x201e8, lpString="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.") returned 1 [0169.900] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0xc, wParam=0x0, lParam=0x220e714) returned 0x1 [0169.900] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x5, wParam=0x0, lParam=0x2401a3) returned 0x0 [0169.900] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x3, wParam=0x0, lParam=0x11800b5) returned 0x0 [0169.900] GetClientRect (in: hWnd=0x201e8, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0169.900] GetWindowRect (in: hWnd=0x201e8, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0169.900] GetParent (hWnd=0x201e8) returned 0x501ac [0169.900] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d390, cPoints=0x2 | out: lpPoints=0x29d390) returned -11272548 [0169.900] SendMessageW (hWnd=0x201e8, Msg=0x2210, wParam=0x1e80001, lParam=0x201e8) returned 0x0 [0169.900] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x2210, wParam=0x1e80001, lParam=0x201e8) returned 0x0 [0169.900] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0169.900] GetParent (hWnd=0x201e8) returned 0x501ac [0169.901] GetCurrentActCtx (in: lphActCtx=0x29e180 | out: lphActCtx=0x29e180*=0x1a94f918) returned 1 [0169.901] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0169.901] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.901] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r12_ad1", lpWindowName=0x0, dwStyle=0x56000000, X=95, Y=256, nWidth=537, nHeight=87, hWndParent=0x501ac, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x201e6 [0169.901] SetWindowLongPtrW (hWnd=0x201e6, nIndex=-4, dwNewLong=0x7769b0ac) returned 0x1b0113ec [0169.901] GetWindowLongPtrW (hWnd=0x201e6, nIndex=-4) returned 0x7769b0ac [0169.901] SetWindowLongPtrW (hWnd=0x201e6, nIndex=-4, dwNewLong=0x1b011f5c) returned 0x7769b0ac [0169.901] GetWindowLongPtrW (hWnd=0x201e6, nIndex=-4) returned 0x1b011f5c [0169.901] GetWindowLongPtrW (hWnd=0x201e6, nIndex=-16) returned 0x46000000 [0169.901] GetWindowLongPtrW (hWnd=0x201e6, nIndex=-12) returned 0x0 [0169.901] SetWindowLongPtrW (hWnd=0x201e6, nIndex=-12, dwNewLong=0x201e6) returned 0x0 [0169.902] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x81, wParam=0x0, lParam=0x29d840) returned 0x1 [0169.902] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x83, wParam=0x0, lParam=0x29d8f0) returned 0x0 [0169.902] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x1, wParam=0x0, lParam=0x29d840) returned 0x0 [0169.902] GetWindow (hWnd=0x201e6, uCmd=0x3) returned 0x201e8 [0169.902] GetClientRect (in: hWnd=0x201e6, lpRect=0x29d300 | out: lpRect=0x29d300) returned 1 [0169.902] GetWindowRect (in: hWnd=0x201e6, lpRect=0x29d300 | out: lpRect=0x29d300) returned 1 [0169.902] GetParent (hWnd=0x201e6) returned 0x501ac [0169.902] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d300, cPoints=0x2 | out: lpPoints=0x29d300) returned -11272548 [0169.903] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x5, wParam=0x0, lParam=0x570219) returned 0x0 [0169.903] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x3, wParam=0x0, lParam=0x100005f) returned 0x0 [0169.903] GetClientRect (in: hWnd=0x201e6, lpRect=0x29d410 | out: lpRect=0x29d410) returned 1 [0169.903] GetWindowRect (in: hWnd=0x201e6, lpRect=0x29d410 | out: lpRect=0x29d410) returned 1 [0169.903] GetParent (hWnd=0x201e6) returned 0x501ac [0169.903] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d410, cPoints=0x2 | out: lpPoints=0x29d410) returned -11272548 [0169.903] SendMessageW (hWnd=0x201e6, Msg=0x2210, wParam=0x1e60001, lParam=0x201e6) returned 0x0 [0169.903] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x2210, wParam=0x1e60001, lParam=0x201e6) returned 0x0 [0169.903] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0169.903] GetParent (hWnd=0x201e6) returned 0x501ac [0169.903] GetCurrentActCtx (in: lphActCtx=0x29e180 | out: lphActCtx=0x29e180*=0x1a94f918) returned 1 [0169.903] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0169.903] GetClassInfoW (in: hInstance=0x0, lpClassName="BUTTON", lpWndClass=0x2254480 | out: lpWndClass=0x2254480) returned 1 [0169.904] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.904] CoTaskMemAlloc (cb=0x58) returned 0x1a95feb0 [0169.904] RegisterClassW (lpWndClass=0x29de60) returned 0xc13e [0169.904] CoTaskMemFree (pv=0x1a95feb0) [0169.904] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.904] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.BUTTON.app.0.141b42a_r12_ad1", lpWindowName="Сopy to clipboard", dwStyle=0x5601000b, X=272, Y=177, nWidth=196, nHeight=49, hWndParent=0x501ac, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x201ba [0169.904] SetWindowLongPtrW (hWnd=0x201ba, nIndex=-4, dwNewLong=0x7fefc193b20) returned 0x1b011fac [0169.904] GetWindowLongPtrW (hWnd=0x201ba, nIndex=-4) returned 0x7fefc193b20 [0169.906] SetWindowLongPtrW (hWnd=0x201ba, nIndex=-4, dwNewLong=0x1b021d0c) returned 0x7fefc193b20 [0169.906] GetWindowLongPtrW (hWnd=0x201ba, nIndex=-4) returned 0x1b021d0c [0169.906] GetWindowLongPtrW (hWnd=0x201ba, nIndex=-16) returned 0x4601000b [0169.906] GetWindowLongPtrW (hWnd=0x201ba, nIndex=-12) returned 0x0 [0169.906] SetWindowLongPtrW (hWnd=0x201ba, nIndex=-12, dwNewLong=0x201ba) returned 0x0 [0169.906] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x81, wParam=0x0, lParam=0x29d840) returned 0x1 [0169.906] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x83, wParam=0x0, lParam=0x29d8f0) returned 0x0 [0169.906] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x1, wParam=0x0, lParam=0x29d810) returned 0x0 [0169.906] SendMessageW (hWnd=0x201ba, Msg=0x2055, wParam=0x201ba, lParam=0x3) returned 0x2 [0169.906] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x0 [0169.907] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0 [0169.907] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0 [0169.907] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0169.907] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0169.907] RedrawWindow (hWnd=0x301b2, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0169.907] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0169.907] RedrawWindow (hWnd=0x301ae, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0169.907] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0169.907] RedrawWindow (hWnd=0x301b4, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0169.907] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0169.907] RedrawWindow (hWnd=0x201b8, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0169.907] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0169.907] RedrawWindow (hWnd=0x201e8, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0169.907] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0169.907] RedrawWindow (hWnd=0x201e6, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0169.907] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0169.907] RedrawWindow (hWnd=0x201ba, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0169.907] RedrawWindow (hWnd=0x501ac, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0169.907] GetWindow (hWnd=0x201ba, uCmd=0x3) returned 0x201e6 [0169.907] GetClientRect (in: hWnd=0x201ba, lpRect=0x29d220 | out: lpRect=0x29d220) returned 1 [0169.907] GetWindowRect (in: hWnd=0x201ba, lpRect=0x29d220 | out: lpRect=0x29d220) returned 1 [0169.907] GetParent (hWnd=0x201ba) returned 0x501ac [0169.907] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d220, cPoints=0x2 | out: lpPoints=0x29d220) returned -11272548 [0169.910] SetWindowTextW (hWnd=0x201ba, lpString="Сopy to clipboard") returned 1 [0169.910] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0xc, wParam=0x0, lParam=0x220dd4c) returned 0x1 [0169.910] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x5, wParam=0x0, lParam=0x3100c4) returned 0x0 [0169.910] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x3, wParam=0x0, lParam=0xb10110) returned 0x0 [0169.910] GetClientRect (in: hWnd=0x201ba, lpRect=0x29d360 | out: lpRect=0x29d360) returned 1 [0169.910] GetWindowRect (in: hWnd=0x201ba, lpRect=0x29d360 | out: lpRect=0x29d360) returned 1 [0169.910] GetParent (hWnd=0x201ba) returned 0x501ac [0169.910] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d360, cPoints=0x2 | out: lpPoints=0x29d360) returned -11272548 [0169.910] SendMessageW (hWnd=0x201ba, Msg=0x2210, wParam=0x1ba0001, lParam=0x201ba) returned 0x0 [0169.910] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x2210, wParam=0x1ba0001, lParam=0x201ba) returned 0x0 [0169.910] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0169.910] GetParent (hWnd=0x201ba) returned 0x501ac [0169.910] GetCurrentActCtx (in: lphActCtx=0x29e140 | out: lphActCtx=0x29e140*=0x1a94f918) returned 1 [0169.911] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0169.911] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.911] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.EDIT.app.0.141b42a_r12_ad1", lpWindowName=0x0, dwStyle=0x568108c0, X=12, Y=152, nWidth=701, nHeight=19, hWndParent=0x501ac, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x201bc [0169.911] SetWindowLongPtrW (hWnd=0x201bc, nIndex=-4, dwNewLong=0x7fefc19975c) returned 0x1b011e1c [0169.911] GetWindowLongPtrW (hWnd=0x201bc, nIndex=-4) returned 0x7fefc19975c [0169.911] SetWindowLongPtrW (hWnd=0x201bc, nIndex=-4, dwNewLong=0x1b021d8c) returned 0x7fefc19975c [0169.912] GetWindowLongPtrW (hWnd=0x201bc, nIndex=-4) returned 0x1b021d8c [0169.912] GetWindowLongPtrW (hWnd=0x201bc, nIndex=-16) returned 0x468108c0 [0169.912] GetWindowLongPtrW (hWnd=0x201bc, nIndex=-12) returned 0x0 [0169.912] SetWindowLongPtrW (hWnd=0x201bc, nIndex=-12, dwNewLong=0x201bc) returned 0x0 [0169.912] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x81, wParam=0x0, lParam=0x29d800) returned 0x1 [0169.912] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0x29cf60) returned 0x0 [0169.912] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0x29cf60) returned 0x1 [0169.912] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x83, wParam=0x0, lParam=0x29d8b0) returned 0x0 [0169.912] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x1, wParam=0x0, lParam=0x29d800) returned 0x1 [0169.912] SendMessageW (hWnd=0x201bc, Msg=0x2055, wParam=0x201bc, lParam=0x3) returned 0x2 [0169.913] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3 [0169.913] GetWindow (hWnd=0x201bc, uCmd=0x3) returned 0x201ba [0169.913] GetClientRect (in: hWnd=0x201bc, lpRect=0x29d270 | out: lpRect=0x29d270) returned 1 [0169.913] GetWindowRect (in: hWnd=0x201bc, lpRect=0x29d270 | out: lpRect=0x29d270) returned 1 [0169.913] GetParent (hWnd=0x201bc) returned 0x501ac [0169.913] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d270, cPoints=0x2 | out: lpPoints=0x29d270) returned -11272548 [0169.913] GetWindowTextLengthW (hWnd=0x201bc) returned 0 [0169.913] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0169.913] GetSystemMetrics (nIndex=42) returned 0 [0169.913] GetWindowTextW (in: hWnd=0x201bc, lpString=0x29cef0, nMaxCount=1 | out: lpString="") returned 0 [0169.913] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x1, lParam=0x29cef0) returned 0x0 [0169.913] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0169.913] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0169.913] GetSystemMetrics (nIndex=42) returned 0 [0169.913] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cf30, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0169.913] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cf30) returned 0x27 [0169.913] SendMessageW (hWnd=0x201bc, Msg=0x30, wParam=0x280a07ba, lParam=0x0) returned 0x1 [0169.913] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x30, wParam=0x280a07ba, lParam=0x0) returned 0x1 [0169.913] SendMessageW (hWnd=0x201bc, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0169.913] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0169.914] GetSystemMetrics (nIndex=5) returned 1 [0169.914] GetSystemMetrics (nIndex=6) returned 1 [0169.914] SendMessageW (hWnd=0x201bc, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0169.914] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0169.914] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x5, wParam=0x0, lParam=0x1302bd) returned 0x0 [0169.914] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x3, wParam=0x0, lParam=0x98000c) returned 0x0 [0169.914] GetClientRect (in: hWnd=0x201bc, lpRect=0x29d380 | out: lpRect=0x29d380) returned 1 [0169.914] GetWindowRect (in: hWnd=0x201bc, lpRect=0x29d380 | out: lpRect=0x29d380) returned 1 [0169.914] GetParent (hWnd=0x201bc) returned 0x501ac [0169.914] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d380, cPoints=0x2 | out: lpPoints=0x29d380) returned -11272548 [0169.914] SendMessageW (hWnd=0x201bc, Msg=0x2210, wParam=0x1bc0001, lParam=0x201bc) returned 0x0 [0169.914] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x2210, wParam=0x1bc0001, lParam=0x201bc) returned 0x0 [0169.914] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0169.915] GetParent (hWnd=0x201bc) returned 0x501ac [0169.915] GetCurrentActCtx (in: lphActCtx=0x29e180 | out: lphActCtx=0x29e180*=0x1a94f918) returned 1 [0169.915] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0169.915] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0169.915] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r12_ad1", lpWindowName="BlackHat", dwStyle=0x5600000d, X=230, Y=9, nWidth=297, nHeight=73, hWndParent=0x501ac, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x401da [0169.915] SetWindowLongPtrW (hWnd=0x401da, nIndex=-4, dwNewLong=0x7fefc1961b4) returned 0x1b011d2c [0169.915] GetWindowLongPtrW (hWnd=0x401da, nIndex=-4) returned 0x7fefc1961b4 [0169.915] SetWindowLongPtrW (hWnd=0x401da, nIndex=-4, dwNewLong=0x1b021ddc) returned 0x7fefc1961b4 [0169.915] GetWindowLongPtrW (hWnd=0x401da, nIndex=-4) returned 0x1b021ddc [0169.915] GetWindowLongPtrW (hWnd=0x401da, nIndex=-16) returned 0x4600000d [0169.915] GetWindowLongPtrW (hWnd=0x401da, nIndex=-12) returned 0x0 [0169.915] SetWindowLongPtrW (hWnd=0x401da, nIndex=-12, dwNewLong=0x401da) returned 0x0 [0169.916] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x81, wParam=0x0, lParam=0x29d840) returned 0x1 [0169.916] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x83, wParam=0x0, lParam=0x29d8f0) returned 0x0 [0169.916] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x1, wParam=0x0, lParam=0x29d820) returned 0x0 [0169.916] GetWindow (hWnd=0x401da, uCmd=0x3) returned 0x201bc [0169.916] GetClientRect (in: hWnd=0x401da, lpRect=0x29d260 | out: lpRect=0x29d260) returned 1 [0169.916] GetWindowRect (in: hWnd=0x401da, lpRect=0x29d260 | out: lpRect=0x29d260) returned 1 [0169.916] GetParent (hWnd=0x401da) returned 0x501ac [0169.916] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d260, cPoints=0x2 | out: lpPoints=0x29d260) returned -11272548 [0169.916] SetWindowTextW (hWnd=0x401da, lpString="BlackHat") returned 1 [0169.917] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0xc, wParam=0x0, lParam=0x220d324) returned 0x1 [0169.917] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x5, wParam=0x0, lParam=0x490129) returned 0x0 [0169.917] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x3, wParam=0x0, lParam=0x900e6) returned 0x0 [0169.917] GetClientRect (in: hWnd=0x401da, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0169.917] GetWindowRect (in: hWnd=0x401da, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0169.917] GetParent (hWnd=0x401da) returned 0x501ac [0169.917] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x501ac, lpPoints=0x29d390, cPoints=0x2 | out: lpPoints=0x29d390) returned -11272548 [0169.917] SendMessageW (hWnd=0x401da, Msg=0x2210, wParam=0x1da0001, lParam=0x401da) returned 0x0 [0169.917] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x2210, wParam=0x1da0001, lParam=0x401da) returned 0x0 [0169.917] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0169.917] GetParent (hWnd=0x401da) returned 0x501ac [0169.918] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0169.918] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0169.918] GetSystemMetrics (nIndex=42) returned 0 [0169.918] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29e0b0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0169.918] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29e0b0) returned 0x27 [0169.961] GetLogicalDrives () returned 0x4 [0169.973] GetFullPathNameW (in: lpFileName="C:\\ReadME-BlackHat.txt", nBufferLength=0x105, lpBuffer=0x29d910, lpFilePart=0x0 | out: lpBuffer="C:\\ReadME-BlackHat.txt", lpFilePart=0x0) returned 0x16 [0169.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29ddf0) returned 1 [0169.973] CreateFileW (lpFileName="C:\\ReadME-BlackHat.txt" (normalized: "c:\\readme-blackhat.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2a8 [0169.974] GetFileType (hFile=0x2a8) returned 0x1 [0169.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29dd60) returned 1 [0169.974] GetFileType (hFile=0x2a8) returned 0x1 [0169.974] WriteFile (in: hFile=0x2a8, lpBuffer=0x2258ed0*, nNumberOfBytesToWrite=0x1e2, lpNumberOfBytesWritten=0x29de38, lpOverlapped=0x0 | out: lpBuffer=0x2258ed0*, lpNumberOfBytesWritten=0x29de38*=0x1e2, lpOverlapped=0x0) returned 1 [0169.975] CloseHandle (hObject=0x2a8) returned 1 [0169.976] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReadME-BLackHeart.txt", nBufferLength=0x105, lpBuffer=0x29d910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReadME-BLackHeart.txt", lpFilePart=0x0) returned 0x3b [0169.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29ddf0) returned 1 [0169.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReadME-BLackHeart.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme-blackheart.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2a8 [0169.978] GetFileType (hFile=0x2a8) returned 0x1 [0169.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x29dd60) returned 1 [0169.978] GetFileType (hFile=0x2a8) returned 0x1 [0169.978] WriteFile (in: hFile=0x2a8, lpBuffer=0x225ba48*, nNumberOfBytesToWrite=0x1e2, lpNumberOfBytesWritten=0x29de38, lpOverlapped=0x0 | out: lpBuffer=0x225ba48*, lpNumberOfBytesWritten=0x29de38*=0x1e2, lpOverlapped=0x0) returned 1 [0169.978] CloseHandle (hObject=0x2a8) returned 1 [0169.980] GetWindowTextLengthW (hWnd=0x201bc) returned 0 [0169.980] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0169.980] GetSystemMetrics (nIndex=42) returned 0 [0169.980] GetWindowTextW (in: hWnd=0x201bc, lpString=0x29df10, nMaxCount=1 | out: lpString="") returned 0 [0169.980] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x1, lParam=0x29df10) returned 0x0 [0169.980] GetWindowTextLengthW (hWnd=0x201bc) returned 0 [0169.980] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0169.980] GetSystemMetrics (nIndex=42) returned 0 [0169.980] GetWindowTextW (in: hWnd=0x201bc, lpString=0x29de90, nMaxCount=1 | out: lpString="") returned 0 [0169.980] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x1, lParam=0x29de90) returned 0x0 [0169.980] GetWindowTextLengthW (hWnd=0x201bc) returned 0 [0169.980] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0169.980] GetSystemMetrics (nIndex=42) returned 0 [0169.980] GetWindowTextW (in: hWnd=0x201bc, lpString=0x29de70, nMaxCount=1 | out: lpString="") returned 0 [0169.980] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x1, lParam=0x29de70) returned 0x0 [0169.980] GetWindowTextLengthW (hWnd=0x201bc) returned 0 [0169.980] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0169.980] GetSystemMetrics (nIndex=42) returned 0 [0169.980] GetWindowTextW (in: hWnd=0x201bc, lpString=0x29de10, nMaxCount=1 | out: lpString="") returned 0 [0169.980] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x1, lParam=0x29de10) returned 0x0 [0169.980] SetWindowTextW (hWnd=0x201bc, lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 1 [0169.980] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xc, wParam=0x0, lParam=0x2256c34) returned 0x1 [0169.980] SendMessageW (hWnd=0x201bc, Msg=0x2111, wParam=0x40001bc, lParam=0x201bc) returned 0x0 [0169.980] SendMessageW (hWnd=0x201bc, Msg=0x2111, wParam=0x30001bc, lParam=0x201bc) returned 0x0 [0169.982] SendMessageW (hWnd=0x201bc, Msg=0xb9, wParam=0x0, lParam=0x0) returned 0x1 [0169.982] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xb9, wParam=0x0, lParam=0x0) returned 0x1 [0169.982] InvalidateRect (hWnd=0x301b2, lpRect=0x0, bErase=1) returned 1 [0169.982] InvalidateRect (hWnd=0x301ae, lpRect=0x0, bErase=1) returned 1 [0169.982] InvalidateRect (hWnd=0x301b4, lpRect=0x0, bErase=1) returned 1 [0169.982] InvalidateRect (hWnd=0x201b8, lpRect=0x0, bErase=1) returned 1 [0169.982] InvalidateRect (hWnd=0x201e8, lpRect=0x0, bErase=1) returned 1 [0169.982] InvalidateRect (hWnd=0x201e6, lpRect=0x0, bErase=1) returned 1 [0169.982] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0169.982] InvalidateRect (hWnd=0x201bc, lpRect=0x0, bErase=1) returned 1 [0169.982] InvalidateRect (hWnd=0x401da, lpRect=0x0, bErase=1) returned 1 [0169.983] GetWindowThreadProcessId (in: hWnd=0x501ac, lpdwProcessId=0x29e1c0 | out: lpdwProcessId=0x29e1c0) returned 0x9e0 [0169.983] GetCurrentThreadId () returned 0x9e0 [0169.983] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc13f [0169.984] PostMessageW (hWnd=0x501ac, Msg=0xc13f, wParam=0x0, lParam=0x0) returned 1 [0169.984] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0169.984] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0169.984] GetSystemMetrics (nIndex=42) returned 0 [0169.984] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29e080, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0169.984] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29e080) returned 0x27 [0169.985] GdipImageGetFrameDimensionsCount (image=0x1c34a190, count=0x29e0e0) returned 0x0 [0169.986] GdipImageGetFrameDimensionsList (image=0x1c34a190, dimensionIDs=0x1a9568e0*(Data1=0x6e005e, Data2=0x6b, Data3=0x6e, Data4=([0]=0x6f, [1]=0x0, [2]=0x77, [3]=0x0, [4]=0x6e, [5]=0x0, [6]=0x0, [7]=0x0)), count=0x1) returned 0x0 [0169.988] LocalFree (hMem=0x1a9568e0) returned 0x0 [0169.989] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x46, wParam=0x0, lParam=0x29e8d0) returned 0x0 [0169.990] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x46, wParam=0x0, lParam=0x29e8d0) returned 0x0 [0169.990] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0169.990] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0169.990] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0169.990] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0169.990] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0169.991] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0169.991] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0169.997] OleInitialize (pvReserved=0x0) returned 0x0 [0169.997] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x29e4b8 | out: lplpMessageFilter=0x29e4b8*=0x0) returned 0x0 [0170.005] GetFocus () returned 0x0 [0170.005] SetFocus (hWnd=0x201bc) returned 0x0 [0170.046] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0170.047] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0170.047] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0170.047] GetParent (hWnd=0x501ac) returned 0x0 [0170.049] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x1 [0170.050] SetTextColor (hdc=0xa010808, color=0xa5ff) returned 0x0 [0170.050] SetBkColor (hdc=0xa010808, color=0x0) returned 0xffffff [0170.119] CreateSolidBrush (color=0x0) returned 0x1d100260 [0170.129] SendMessageW (hWnd=0x201bc, Msg=0x2111, wParam=0x10001bc, lParam=0x201bc) returned 0x0 [0170.130] SendMessageW (hWnd=0x201bc, Msg=0xb0, wParam=0x29dda0, lParam=0x29dd40) returned 0x0 [0170.130] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xb0, wParam=0x29dda0, lParam=0x29dd40) returned 0x0 [0170.130] GetKeyState (nVirtKey=2) returned 0 [0170.130] GetKeyState (nVirtKey=4) returned 0 [0170.130] GetKeyState (nVirtKey=5) returned 0 [0170.130] GetKeyState (nVirtKey=6) returned 0 [0170.130] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0170.130] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0170.130] SendMessageW (hWnd=0x201bc, Msg=0xb1, wParam=0x0, lParam=0x158) returned 0x1 [0170.130] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xb1, wParam=0x0, lParam=0x158) returned 0x1 [0170.130] SetTextColor (hdc=0xa010808, color=0xa5ff) returned 0x0 [0170.130] SetBkColor (hdc=0xa010808, color=0x0) returned 0xffffff [0170.131] SetTextColor (hdc=0xa010808, color=0xa5ff) returned 0xa5ff [0170.131] SetBkColor (hdc=0xa010808, color=0x0) returned 0x0 [0170.132] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.132] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0170.132] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0170.133] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0170.133] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29e4c8 | out: lpwndpl=0x29e4c8) returned 1 [0170.133] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e3e0 | out: lpRect=0x29e3e0) returned 1 [0170.133] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0170.133] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0170.133] GetSystemMetrics (nIndex=42) returned 0 [0170.133] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29e100, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0170.133] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29e100) returned 0x27 [0170.134] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e1c8 | out: lpRect=0x29e1c8) returned 1 [0170.136] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x1b021e2c, dwData=0x0) returned 1 [0170.136] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x29d9c0 | out: lpmi=0x29d9c0) returned 1 [0170.136] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x28010228 [0170.136] GetDeviceCaps (hdc=0x28010228, index=12) returned 32 [0170.136] GetDeviceCaps (hdc=0x28010228, index=14) returned 1 [0170.136] DeleteDC (hdc=0x28010228) returned 1 [0170.136] GetCurrentObject (hdc=0x7010804, type=0x1) returned 0x1b00017 [0170.136] GetCurrentObject (hdc=0x7010804, type=0x2) returned 0x1900010 [0170.136] GetCurrentObject (hdc=0x7010804, type=0x7) returned 0x1050032 [0170.136] GetCurrentObject (hdc=0x7010804, type=0x6) returned 0x18a002e [0170.136] SaveDC (hdc=0x7010804) returned 1 [0170.137] GetNearestColor (hdc=0x7010804, color=0x0) returned 0x0 [0170.174] CreateSolidBrush (color=0x0) returned 0x19100259 [0170.174] FillRect (hDC=0x7010804, lprc=0x29deb8, hbr=0x19100259) returned 1 [0170.176] DeleteObject (ho=0x19100259) returned 1 [0170.177] RestoreDC (hdc=0x7010804, nSavedDC=-1) returned 1 [0170.178] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.178] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.178] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.179] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x14, wParam=0xa010808, lParam=0x0) returned 0x1 [0170.179] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.179] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.181] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.181] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.181] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x14, wParam=0xa010808, lParam=0x0) returned 0x1 [0170.181] GetStockObject (i=5) returned 0x1900015 [0170.181] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.182] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x14, wParam=0xa010808, lParam=0x0) returned 0x1 [0170.182] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.182] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29e4a8 | out: lpwndpl=0x29e4a8) returned 1 [0170.182] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x47, wParam=0x0, lParam=0x29e8d0) returned 0x0 [0170.182] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e340 | out: lpRect=0x29e340) returned 1 [0170.182] GetWindowRect (in: hWnd=0x501ac, lpRect=0x29e340 | out: lpRect=0x29e340) returned 1 [0170.182] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0170.183] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0170.183] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0170.183] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x5, wParam=0x0, lParam=0x21802d7) returned 0x0 [0170.183] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x3, wParam=0x0, lParam=0xad0164) returned 0x0 [0170.183] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e3d0 | out: lpRect=0x29e3d0) returned 1 [0170.183] GetWindowRect (in: hWnd=0x501ac, lpRect=0x29e3d0 | out: lpRect=0x29e3d0) returned 1 [0170.184] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.184] IsWindowUnicode (hWnd=0x501ac) returned 1 [0170.184] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.185] TranslateMessage (lpMsg=0x29ea50) returned 0 [0170.185] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0170.186] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.186] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.186] TranslateMessage (lpMsg=0x29ea50) returned 0 [0170.186] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0170.186] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.186] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16902d0) returned 0x1 [0170.186] IsWindowUnicode (hWnd=0x201ba) returned 1 [0170.186] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.186] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16902d0) returned 0x1 [0170.187] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0170.187] SetCursor (hCursor=0x10003) returned 0x10007 [0170.188] TranslateMessage (lpMsg=0x29ea50) returned 0 [0170.188] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0170.193] _TrackMouseEvent (in: lpEventTrack=0x225e660 | out: lpEventTrack=0x225e660) returned 1 [0170.193] SendMessageW (hWnd=0x201ba, Msg=0xc135, wParam=0x0, lParam=0x0) returned 0x0 [0170.193] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0xc135, wParam=0x0, lParam=0x0) returned 0x0 [0170.279] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0170.332] GetKeyState (nVirtKey=1) returned 0 [0170.333] GetKeyState (nVirtKey=2) returned 0 [0170.333] GetKeyState (nVirtKey=4) returned 0 [0170.333] GetKeyState (nVirtKey=5) returned 0 [0170.333] GetKeyState (nVirtKey=6) returned 0 [0170.333] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.339] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1 [0170.339] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0170.339] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0170.339] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0170.340] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x46, wParam=0x0, lParam=0x29e890) returned 0x0 [0170.340] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x46, wParam=0x0, lParam=0x29e890) returned 0x0 [0170.341] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.341] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0170.341] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0170.341] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0170.342] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29e488 | out: lpwndpl=0x29e488) returned 1 [0170.342] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e3a0 | out: lpRect=0x29e3a0) returned 1 [0170.342] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0170.342] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0170.342] GetSystemMetrics (nIndex=42) returned 0 [0170.342] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29e0c0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0170.342] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29e0c0) returned 0x27 [0170.342] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e188 | out: lpRect=0x29e188) returned 1 [0170.342] GetCurrentObject (hdc=0x7010804, type=0x1) returned 0x1b00017 [0170.342] GetCurrentObject (hdc=0x7010804, type=0x2) returned 0x1900010 [0170.342] GetCurrentObject (hdc=0x7010804, type=0x7) returned 0x1050032 [0170.342] GetCurrentObject (hdc=0x7010804, type=0x6) returned 0x18a002e [0170.342] SaveDC (hdc=0x7010804) returned 1 [0170.342] GetNearestColor (hdc=0x7010804, color=0x0) returned 0x0 [0170.342] CreateSolidBrush (color=0x0) returned 0x1a100259 [0170.342] FillRect (hDC=0x7010804, lprc=0x29de78, hbr=0x1a100259) returned 1 [0170.342] DeleteObject (ho=0x1a100259) returned 1 [0170.342] RestoreDC (hdc=0x7010804, nSavedDC=-1) returned 1 [0170.343] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.343] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.343] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.344] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x14, wParam=0x7010804, lParam=0x0) returned 0x1 [0170.344] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.344] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.344] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.345] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.345] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x14, wParam=0x7010804, lParam=0x0) returned 0x1 [0170.345] GetStockObject (i=5) returned 0x1900015 [0170.345] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.345] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x14, wParam=0x7010804, lParam=0x0) returned 0x1 [0170.345] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0170.346] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29e468 | out: lpwndpl=0x29e468) returned 1 [0170.346] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x47, wParam=0x0, lParam=0x29e890) returned 0x0 [0170.346] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e300 | out: lpRect=0x29e300) returned 1 [0170.346] GetWindowRect (in: hWnd=0x501ac, lpRect=0x29e300 | out: lpRect=0x29e300) returned 1 [0170.346] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0170.346] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0170.346] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0170.347] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x47, wParam=0x0, lParam=0x29e890) returned 0x0 [0170.347] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0xd, wParam=0x104, lParam=0x1ae055d0) returned 0x0 [0170.414] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x83, wParam=0x1, lParam=0x29e1f0) returned 0x0 [0170.415] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16902d0) returned 0x1 [0170.415] IsWindowUnicode (hWnd=0x201ba) returned 1 [0170.415] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.415] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16902d0) returned 0x1 [0170.415] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0170.415] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xbc016c) returned 0x0 [0170.415] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0170.415] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0170.415] SetCursor (hCursor=0x10003) returned 0x10003 [0170.415] TranslateMessage (lpMsg=0x29ea50) returned 0 [0170.415] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0170.415] GetKeyState (nVirtKey=1) returned -127 [0170.415] GetKeyState (nVirtKey=2) returned 0 [0170.415] GetKeyState (nVirtKey=4) returned 0 [0170.415] GetKeyState (nVirtKey=5) returned 0 [0170.415] GetKeyState (nVirtKey=6) returned 0 [0170.416] IsWindowVisible (hWnd=0x201ba) returned 1 [0170.416] IsWindowEnabled (hWnd=0x201ba) returned 1 [0170.416] SetFocus (hWnd=0x201ba) returned 0x201bc [0170.416] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x8, wParam=0x201ba, lParam=0x0) returned 0x1 [0170.416] SendMessageW (hWnd=0x201bc, Msg=0x2111, wParam=0x20001bc, lParam=0x201bc) returned 0x0 [0170.416] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0 [0170.416] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0170.417] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0170.419] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0170.419] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x7, wParam=0x201bc, lParam=0x0) returned 0x0 [0170.420] GetStockObject (i=5) returned 0x1900015 [0170.420] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x11 [0170.420] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0xd, wParam=0x12, lParam=0x1a99b530) returned 0x11 [0170.420] GetDlgItem (hDlg=0x501ac, nIDDlgItem=131514) returned 0x201ba [0170.420] SendMessageW (hWnd=0x201ba, Msg=0x202b, wParam=0x201ba, lParam=0x29d910) returned 0x0 [0170.420] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x202b, wParam=0x201ba, lParam=0x29d910) returned 0x0 [0170.420] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0170.420] GetFocus () returned 0x201ba [0170.420] GetFocus () returned 0x201ba [0170.420] GetFocus () returned 0x201ba [0170.421] GetKeyState (nVirtKey=1) returned -127 [0170.421] GetKeyState (nVirtKey=2) returned 0 [0170.421] GetKeyState (nVirtKey=4) returned 0 [0170.421] GetKeyState (nVirtKey=5) returned 0 [0170.421] GetKeyState (nVirtKey=6) returned 0 [0170.643] SetCapture (hWnd=0x201ba) returned 0x0 [0170.643] GetKeyState (nVirtKey=1) returned -127 [0170.643] GetKeyState (nVirtKey=2) returned 0 [0170.643] GetKeyState (nVirtKey=4) returned 0 [0170.643] GetKeyState (nVirtKey=5) returned 0 [0170.643] GetKeyState (nVirtKey=6) returned 0 [0170.643] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0170.643] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0170.643] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.643] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0170.643] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0170.644] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0170.644] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.644] TranslateMessage (lpMsg=0x29ea50) returned 0 [0170.644] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0170.644] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.644] IsWindowUnicode (hWnd=0x201ba) returned 1 [0170.644] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0170.644] TranslateMessage (lpMsg=0x29ea50) returned 0 [0170.644] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0170.644] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x225ee70, cPoints=0x1 | out: lpPoints=0x225ee70) returned 22938228 [0170.644] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0170.644] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0170.644] UpdateWindow (hWnd=0x201ba) returned 1 [0170.645] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x7010804 [0170.646] GdipCreateHalftonePalette () returned 0x1908082e [0170.646] SelectPalette (hdc=0x7010804, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0170.646] CreateCompatibleDC (hdc=0x7010804) returned 0x10010829 [0170.647] GetObjectType (h=0x7010804) returned 0x3 [0170.647] CreateCompatibleBitmap (hdc=0x7010804, cx=1, cy=1) returned 0x6050835 [0170.647] GetDIBits (in: hdc=0x7010804, hbm=0x6050835, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x29d428, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29d428) returned 1 [0170.647] GetDIBits (in: hdc=0x7010804, hbm=0x6050835, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x29d428, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29d428) returned 1 [0170.648] DeleteObject (ho=0x6050835) returned 1 [0170.648] CreateDIBSection (in: hdc=0x7010804, lpbmi=0x29d4d8, usage=0x0, ppvBits=0x29da98, hSection=0x0, offset=0x0 | out: ppvBits=0x29da98) returned 0x905082d [0170.648] SelectObject (hdc=0x10010829, h=0x905082d) returned 0x185000f [0170.648] GdipCreateFromHDC (hdc=0x10010829, graphics=0x29da18) returned 0x0 [0170.649] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0170.649] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0170.757] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0170.757] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1c34ac70) returned 0x0 [0170.758] GdipIsMatrixIdentity (matrix=0x1c34ac70, result=0x29daa8) returned 0x0 [0170.759] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99bc40 [0170.760] GdipGetMatrixElements (matrix=0x1c34ac70, matrixOut=0x1a99bc40) returned 0x0 [0170.760] LocalFree (hMem=0x1a99bc40) returned 0x0 [0170.760] GdipDeleteMatrix (matrix=0x1c34ac70) returned 0x0 [0170.762] GdipCreateRegion (region=0x29da40) returned 0x0 [0170.762] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34acb0) returned 0x0 [0170.763] GdipIsInfiniteRegion (region=0x1c34acb0, graphics=0x1bcbdb80, result=0x29daa0) returned 0x0 [0170.763] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29db40) returned 0x0 [0170.765] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffdb40dbd) returned 0x0 [0170.765] GdipDeleteRegion (region=0x1c34acb0) returned 0x0 [0170.868] SystemParametersInfoW (in: uiAction=0x42, uiParam=0x10, pvParam=0x29d8a8, fWinIni=0x0 | out: pvParam=0x29d8a8) returned 1 [0171.047] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d7b8) returned 0x0 [0171.047] GetCurrentObject (hdc=0x10010829, type=0x1) returned 0x1b00017 [0171.047] GetCurrentObject (hdc=0x10010829, type=0x2) returned 0x1900010 [0171.047] GetCurrentObject (hdc=0x10010829, type=0x7) returned 0x905082d [0171.047] GetCurrentObject (hdc=0x10010829, type=0x6) returned 0x18a002e [0171.047] SaveDC (hdc=0x10010829) returned 1 [0171.047] GetNearestColor (hdc=0x10010829, color=0x0) returned 0x0 [0171.047] GetNearestColor (hdc=0x10010829, color=0x0) returned 0x0 [0171.047] GetNearestColor (hdc=0x10010829, color=0x0) returned 0x0 [0171.047] GetNearestColor (hdc=0x10010829, color=0x989898) returned 0x989898 [0171.047] GetNearestColor (hdc=0x10010829, color=0x8b) returned 0x8b [0171.047] GetNearestColor (hdc=0x10010829, color=0x7f7f7f) returned 0x7f7f7f [0171.047] GetNearestColor (hdc=0x10010829, color=0x989898) returned 0x989898 [0171.047] GetNearestColor (hdc=0x10010829, color=0x0) returned 0x0 [0171.047] GetNearestColor (hdc=0x10010829, color=0x8b) returned 0x8b [0171.047] RestoreDC (hdc=0x10010829, nSavedDC=-1) returned 1 [0171.047] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x10010829) returned 0x0 [0171.048] IsAppThemed () returned 0x1 [0171.048] GetThemeAppProperties () returned 0x3 [0171.048] GetThemeAppProperties () returned 0x3 [0171.053] IsAppThemed () returned 0x1 [0171.054] GetThemeAppProperties () returned 0x3 [0171.054] GetThemeAppProperties () returned 0x3 [0171.054] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x2260ed8 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0171.087] IsAppThemed () returned 0x1 [0171.087] GetThemeAppProperties () returned 0x3 [0171.087] GetThemeAppProperties () returned 0x3 [0171.087] IsAppThemed () returned 0x1 [0171.087] GetThemeAppProperties () returned 0x3 [0171.087] GetThemeAppProperties () returned 0x3 [0171.089] IsAppThemed () returned 0x1 [0171.089] GetThemeAppProperties () returned 0x3 [0171.089] GetThemeAppProperties () returned 0x3 [0171.089] IsAppThemed () returned 0x1 [0171.089] GetThemeAppProperties () returned 0x3 [0171.089] GetThemeAppProperties () returned 0x3 [0171.089] IsThemePartDefined () returned 0x1 [0171.089] IsAppThemed () returned 0x1 [0171.089] GetThemeAppProperties () returned 0x3 [0171.089] GetThemeAppProperties () returned 0x3 [0171.089] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0171.432] IsAppThemed () returned 0x1 [0171.432] GetThemeAppProperties () returned 0x3 [0171.432] GetThemeAppProperties () returned 0x3 [0171.432] IsAppThemed () returned 0x1 [0171.432] GetThemeAppProperties () returned 0x3 [0171.432] GetThemeAppProperties () returned 0x3 [0171.432] IsThemePartDefined () returned 0x1 [0171.438] GdipCreateRegion (region=0x29d520) returned 0x0 [0171.438] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34acb0) returned 0x0 [0171.438] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0171.438] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1c34ad70) returned 0x0 [0171.438] GdipIsMatrixIdentity (matrix=0x1c34ad70, result=0x29d588) returned 0x0 [0171.438] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99bc80 [0171.438] GdipGetMatrixElements (matrix=0x1c34ad70, matrixOut=0x1a99bc80) returned 0x0 [0171.438] LocalFree (hMem=0x1a99bc80) returned 0x0 [0171.438] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99bc80 [0171.438] GdipGetMatrixElements (matrix=0x1c34ad70, matrixOut=0x1a99bc80) returned 0x0 [0171.439] LocalFree (hMem=0x1a99bc80) returned 0x0 [0171.439] GdipDeleteMatrix (matrix=0x1c34ad70) returned 0x0 [0171.439] GdipIsInfiniteRegion (region=0x1c34acb0, graphics=0x1bcbdb80, result=0x29d5f0) returned 0x0 [0171.439] GdipIsInfiniteRegion (region=0x1c34acb0, graphics=0x1bcbdb80, result=0x29d5b0) returned 0x0 [0171.439] GdipGetRegionHRgn (region=0x1c34acb0, graphics=0x1bcbdb80, hRgn=0x29d5b0) returned 0x0 [0171.440] GdipDeleteRegion (region=0x1c34acb0) returned 0x0 [0171.440] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d5f8) returned 0x0 [0171.440] GetCurrentObject (hdc=0x10010829, type=0x1) returned 0x1b00017 [0171.440] GetCurrentObject (hdc=0x10010829, type=0x2) returned 0x1900010 [0171.440] GetCurrentObject (hdc=0x10010829, type=0x7) returned 0x905082d [0171.440] GetCurrentObject (hdc=0x10010829, type=0x6) returned 0x18a002e [0171.440] SaveDC (hdc=0x10010829) returned 1 [0171.442] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x15040812 [0171.442] GetClipRgn (hdc=0x10010829, hrgn=0x15040812) returned 0 [0171.443] SelectClipRgn (hdc=0x10010829, hrgn=0x5f040228) returned 2 [0171.443] DeleteObject (ho=0x15040812) returned 1 [0171.443] DeleteObject (ho=0x5f040228) returned 1 [0171.443] OffsetViewportOrgEx (in: hdc=0x10010829, x=0, y=0, lppt=0x2261920 | out: lppt=0x2261920) returned 1 [0171.444] DrawThemeParentBackground () returned 0x0 [0171.444] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0171.444] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0171.444] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0171.444] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0171.444] GetSystemMetrics (nIndex=42) returned 0 [0171.444] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0171.444] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0171.444] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0171.444] GetCurrentObject (hdc=0x10010829, type=0x1) returned 0x1b00017 [0171.444] GetCurrentObject (hdc=0x10010829, type=0x2) returned 0x1900010 [0171.444] GetCurrentObject (hdc=0x10010829, type=0x7) returned 0x905082d [0171.444] GetCurrentObject (hdc=0x10010829, type=0x6) returned 0x18a002e [0171.444] SaveDC (hdc=0x10010829) returned 2 [0171.444] GetNearestColor (hdc=0x10010829, color=0x0) returned 0x0 [0171.444] CreateSolidBrush (color=0x0) returned 0x1b100259 [0171.444] FillRect (hDC=0x10010829, lprc=0x29cb98, hbr=0x1b100259) returned 1 [0171.445] DeleteObject (ho=0x1b100259) returned 1 [0171.445] RestoreDC (hdc=0x10010829, nSavedDC=-1) returned 1 [0171.445] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0171.445] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0171.445] GetSystemMetrics (nIndex=42) returned 0 [0171.445] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0171.445] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0171.445] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0171.445] GetCurrentObject (hdc=0x10010829, type=0x1) returned 0x1b00017 [0171.445] GetCurrentObject (hdc=0x10010829, type=0x2) returned 0x1900010 [0171.445] GetCurrentObject (hdc=0x10010829, type=0x7) returned 0x905082d [0171.445] GetCurrentObject (hdc=0x10010829, type=0x6) returned 0x18a002e [0171.445] SaveDC (hdc=0x10010829) returned 2 [0171.445] GetNearestColor (hdc=0x10010829, color=0x0) returned 0x0 [0171.445] CreateSolidBrush (color=0x0) returned 0x1c100259 [0171.445] FillRect (hDC=0x10010829, lprc=0x29cac8, hbr=0x1c100259) returned 1 [0171.445] DeleteObject (ho=0x1c100259) returned 1 [0171.445] RestoreDC (hdc=0x10010829, nSavedDC=-1) returned 1 [0171.445] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0171.445] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0171.445] GetSystemMetrics (nIndex=42) returned 0 [0171.445] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0171.445] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0171.446] RestoreDC (hdc=0x10010829, nSavedDC=-1) returned 1 [0171.446] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x10010829) returned 0x0 [0171.446] IsAppThemed () returned 0x1 [0171.446] GetThemeAppProperties () returned 0x3 [0171.446] GetThemeAppProperties () returned 0x3 [0171.446] IsAppThemed () returned 0x1 [0171.446] GetThemeAppProperties () returned 0x3 [0171.446] GetThemeAppProperties () returned 0x3 [0171.446] IsThemePartDefined () returned 0x1 [0171.446] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0171.446] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0171.446] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0171.447] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0171.447] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0171.447] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99bc80 [0171.447] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99bc80) returned 0x0 [0171.447] LocalFree (hMem=0x1a99bc80) returned 0x0 [0171.447] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99bc80 [0171.447] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99bc80) returned 0x0 [0171.447] LocalFree (hMem=0x1a99bc80) returned 0x0 [0171.447] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0171.447] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d590) returned 0x0 [0171.447] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d550) returned 0x0 [0171.447] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d550) returned 0x0 [0171.447] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0171.447] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d598) returned 0x0 [0171.447] GetCurrentObject (hdc=0x10010829, type=0x1) returned 0x1b00017 [0171.447] GetCurrentObject (hdc=0x10010829, type=0x2) returned 0x1900010 [0171.447] GetCurrentObject (hdc=0x10010829, type=0x7) returned 0x905082d [0171.447] GetCurrentObject (hdc=0x10010829, type=0x6) returned 0x18a002e [0171.447] SaveDC (hdc=0x10010829) returned 1 [0171.447] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x60040228 [0171.447] GetClipRgn (hdc=0x10010829, hrgn=0x60040228) returned 0 [0171.447] SelectClipRgn (hdc=0x10010829, hrgn=0x17040812) returned 2 [0171.447] DeleteObject (ho=0x60040228) returned 1 [0171.447] DeleteObject (ho=0x17040812) returned 1 [0171.447] OffsetViewportOrgEx (in: hdc=0x10010829, x=0, y=0, lppt=0x2262a28 | out: lppt=0x2262a28) returned 1 [0171.447] IsAppThemed () returned 0x1 [0171.447] GetThemeAppProperties () returned 0x3 [0171.447] GetThemeAppProperties () returned 0x3 [0171.448] DrawThemeBackground () returned 0x0 [0171.448] RestoreDC (hdc=0x10010829, nSavedDC=-1) returned 1 [0171.448] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x10010829) returned 0x0 [0171.448] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0171.448] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0171.448] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0171.448] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0171.448] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0171.448] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99bc80 [0171.448] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99bc80) returned 0x0 [0171.448] LocalFree (hMem=0x1a99bc80) returned 0x0 [0171.448] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99bc80 [0171.448] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99bc80) returned 0x0 [0171.448] LocalFree (hMem=0x1a99bc80) returned 0x0 [0171.448] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0171.448] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d580) returned 0x0 [0171.448] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d540) returned 0x0 [0171.448] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d540) returned 0x0 [0171.448] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0171.448] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d588) returned 0x0 [0171.448] GetCurrentObject (hdc=0x10010829, type=0x1) returned 0x1b00017 [0171.448] GetCurrentObject (hdc=0x10010829, type=0x2) returned 0x1900010 [0171.448] GetCurrentObject (hdc=0x10010829, type=0x7) returned 0x905082d [0171.449] GetCurrentObject (hdc=0x10010829, type=0x6) returned 0x18a002e [0171.449] SaveDC (hdc=0x10010829) returned 1 [0171.449] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x18040812 [0171.449] GetClipRgn (hdc=0x10010829, hrgn=0x18040812) returned 0 [0171.449] SelectClipRgn (hdc=0x10010829, hrgn=0x61040228) returned 2 [0171.449] DeleteObject (ho=0x18040812) returned 1 [0171.449] DeleteObject (ho=0x61040228) returned 1 [0171.449] OffsetViewportOrgEx (in: hdc=0x10010829, x=0, y=0, lppt=0x2262f00 | out: lppt=0x2262f00) returned 1 [0171.449] IsAppThemed () returned 0x1 [0171.449] GetThemeAppProperties () returned 0x3 [0171.449] GetThemeAppProperties () returned 0x3 [0171.449] GetThemeBackgroundContentRect () returned 0x0 [0171.449] RestoreDC (hdc=0x10010829, nSavedDC=-1) returned 1 [0171.449] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x10010829) returned 0x0 [0171.450] IsAppThemed () returned 0x1 [0171.450] GetThemeAppProperties () returned 0x3 [0171.450] GetThemeAppProperties () returned 0x3 [0171.451] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29d768) returned 0x0 [0171.451] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d748) returned 0x0 [0171.451] GetCurrentObject (hdc=0x10010829, type=0x1) returned 0x1b00017 [0171.451] GetCurrentObject (hdc=0x10010829, type=0x2) returned 0x1900010 [0171.451] GetCurrentObject (hdc=0x10010829, type=0x7) returned 0x905082d [0171.451] GetCurrentObject (hdc=0x10010829, type=0x6) returned 0x18a002e [0171.451] SaveDC (hdc=0x10010829) returned 1 [0171.452] GetTextAlign (hdc=0x10010829) returned 0x0 [0171.453] GetTextColor (hdc=0x10010829) returned 0x0 [0171.552] SetTextColor (hdc=0x10010829, color=0x8b) returned 0x0 [0171.552] GetCurrentObject (hdc=0x10010829, type=0x6) returned 0x18a002e [0171.552] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0171.552] SelectObject (hdc=0x10010829, h=0x90a0819) returned 0x18a002e [0171.553] GetBkMode (hdc=0x10010829) returned 2 [0171.554] SetBkMode (hdc=0x10010829, mode=1) returned 2 [0171.554] DrawTextExW (in: hdc=0x10010829, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x2263588 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0171.554] DrawTextExW (in: hdc=0x10010829, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x2263588 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0171.555] RestoreDC (hdc=0x10010829, nSavedDC=-1) returned 1 [0171.555] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x10010829) returned 0x0 [0171.555] GetFocus () returned 0x201ba [0171.555] IsAppThemed () returned 0x1 [0171.555] GetThemeAppProperties () returned 0x3 [0171.555] GetThemeAppProperties () returned 0x3 [0171.555] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29da58) returned 0x0 [0171.556] BitBlt (hdc=0x7010804, x=0, y=0, cx=196, cy=49, hdcSrc=0x10010829, x1=0, y1=0, rop=0xcc0020) returned 1 [0171.556] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x10010829) returned 0x0 [0171.556] SelectPalette (hdc=0x7010804, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0171.556] SelectObject (hdc=0x10010829, h=0x185000f) returned 0x905082d [0171.556] DeleteDC (hdc=0x10010829) returned 1 [0171.556] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0171.556] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0171.556] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22636f0, cPoints=0x1 | out: lpPoints=0x22636f0) returned 22938228 [0171.938] WindowFromPoint (Point=0x169000002d0) returned 0x201ba [0171.938] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16902d0) returned 0x1 [0171.939] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0171.939] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0171.952] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0171.953] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0171.953] GetSystemMetrics (nIndex=42) returned 0 [0171.953] CoTaskMemAlloc (cb=0x2b6) returned 0x1a99d010 [0171.953] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a99d010, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0171.953] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a99d010) returned 0x158 [0171.953] CoTaskMemFree (pv=0x1a99d010) [0174.965] OleSetClipboard (pDataObj=0x2dff28) returned 0x0 [0177.622] OleFlushClipboard () returned 0x0 [0177.644] GlobalReAlloc (hMem=0x1bee00d8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00d8 [0177.644] GlobalLock (hMem=0x1bee00d8) returned 0x1a9acee0 [0178.533] RtlMoveMemory (in: Destination=0x1a9acee0, Source=0x2264f10, Length=0x2b0 | out: Destination=0x1a9acee0) [0178.538] GlobalUnlock (hMem=0x1bee00d8) returned 0 [0178.818] GetCapture () returned 0x201ba [0178.818] ReleaseCapture () returned 1 [0178.819] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0178.819] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.820] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x46, wParam=0x0, lParam=0x29e890) returned 0x0 [0178.820] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x83, wParam=0x1, lParam=0x29e860) returned 0x0 [0178.820] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x46, wParam=0x0, lParam=0x29e890) returned 0x0 [0178.820] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0178.820] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0178.821] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0178.821] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0178.821] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29e488 | out: lpwndpl=0x29e488) returned 1 [0178.822] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e3a0 | out: lpRect=0x29e3a0) returned 1 [0178.822] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0178.822] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0178.822] GetSystemMetrics (nIndex=42) returned 0 [0178.822] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29e0c0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0178.822] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29e0c0) returned 0x27 [0178.822] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e188 | out: lpRect=0x29e188) returned 1 [0178.822] GetCurrentObject (hdc=0x7010804, type=0x1) returned 0x1b00017 [0178.822] GetCurrentObject (hdc=0x7010804, type=0x2) returned 0x1900010 [0178.822] GetCurrentObject (hdc=0x7010804, type=0x7) returned 0x1050032 [0178.822] GetCurrentObject (hdc=0x7010804, type=0x6) returned 0x18a002e [0178.822] SaveDC (hdc=0x7010804) returned 1 [0178.822] GetNearestColor (hdc=0x7010804, color=0x0) returned 0x0 [0178.822] CreateSolidBrush (color=0x0) returned 0x1d100259 [0178.822] FillRect (hDC=0x7010804, lprc=0x29de78, hbr=0x1d100259) returned 1 [0178.822] DeleteObject (ho=0x1d100259) returned 1 [0178.822] RestoreDC (hdc=0x7010804, nSavedDC=-1) returned 1 [0178.822] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0178.823] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0178.823] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0178.823] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x14, wParam=0x7010804, lParam=0x0) returned 0x1 [0178.823] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0178.823] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0178.824] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0178.824] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0178.824] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x14, wParam=0x501080c, lParam=0x0) returned 0x1 [0178.824] GetStockObject (i=5) returned 0x1900015 [0178.824] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0178.824] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x14, wParam=0xa010808, lParam=0x0) returned 0x1 [0178.824] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0178.825] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29e468 | out: lpwndpl=0x29e468) returned 1 [0178.825] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x47, wParam=0x0, lParam=0x29e890) returned 0x0 [0178.825] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x5, wParam=0x0, lParam=0x21802d7) returned 0x0 [0178.825] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e300 | out: lpRect=0x29e300) returned 1 [0178.825] GetWindowRect (in: hWnd=0x501ac, lpRect=0x29e300 | out: lpRect=0x29e300) returned 1 [0178.825] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0178.825] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0178.825] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0178.825] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0178.826] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0178.826] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0178.826] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0178.826] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0178.826] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0178.826] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902f7) returned 0x1 [0178.826] IsWindowUnicode (hWnd=0x201ba) returned 1 [0178.826] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.826] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902f7) returned 0x1 [0178.826] SetCursor (hCursor=0x10003) returned 0x10003 [0178.826] TranslateMessage (lpMsg=0x29ea50) returned 0 [0178.826] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0178.826] GetKeyState (nVirtKey=1) returned 1 [0178.826] GetKeyState (nVirtKey=2) returned 0 [0178.826] GetKeyState (nVirtKey=4) returned 0 [0178.826] GetKeyState (nVirtKey=5) returned 0 [0178.826] GetKeyState (nVirtKey=6) returned 0 [0178.826] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.826] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902f7) returned 0x1 [0178.826] IsWindowUnicode (hWnd=0x201ba) returned 1 [0178.826] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.826] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902f7) returned 0x1 [0178.826] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0178.826] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xcc0193) returned 0x0 [0178.827] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0178.827] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0178.827] SetCursor (hCursor=0x10003) returned 0x10003 [0178.827] TranslateMessage (lpMsg=0x29ea50) returned 0 [0178.827] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0178.827] GetKeyState (nVirtKey=1) returned -128 [0178.827] GetKeyState (nVirtKey=2) returned 0 [0178.827] GetKeyState (nVirtKey=4) returned 0 [0178.827] GetKeyState (nVirtKey=5) returned 0 [0178.827] GetKeyState (nVirtKey=6) returned 0 [0178.827] IsWindowVisible (hWnd=0x201ba) returned 1 [0178.827] IsWindowEnabled (hWnd=0x201ba) returned 1 [0178.827] SetFocus (hWnd=0x201ba) returned 0x201ba [0178.827] GetFocus () returned 0x201ba [0178.827] GetFocus () returned 0x201ba [0178.827] GetFocus () returned 0x201ba [0178.827] GetKeyState (nVirtKey=1) returned -128 [0178.827] GetKeyState (nVirtKey=2) returned 0 [0178.827] GetKeyState (nVirtKey=4) returned 0 [0178.827] GetKeyState (nVirtKey=5) returned 0 [0178.827] GetKeyState (nVirtKey=6) returned 0 [0178.827] GetCapture () returned 0x0 [0178.827] SetCapture (hWnd=0x201ba) returned 0x0 [0178.827] GetKeyState (nVirtKey=1) returned -128 [0178.827] GetKeyState (nVirtKey=2) returned 0 [0178.827] GetKeyState (nVirtKey=4) returned 0 [0178.827] GetKeyState (nVirtKey=5) returned 0 [0178.827] GetKeyState (nVirtKey=6) returned 0 [0178.827] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0178.827] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0178.827] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.827] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.827] TranslateMessage (lpMsg=0x29ea50) returned 0 [0178.827] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0178.827] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.827] IsWindowUnicode (hWnd=0x201ba) returned 1 [0178.827] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.827] TranslateMessage (lpMsg=0x29ea50) returned 0 [0178.827] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0178.827] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x2265788, cPoints=0x1 | out: lpPoints=0x2265788) returned 22938228 [0178.827] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0178.827] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0178.828] UpdateWindow (hWnd=0x201ba) returned 1 [0178.828] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x7010804 [0178.828] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0178.828] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x14, wParam=0x7010804, lParam=0x0) returned 0x1 [0178.828] GetStockObject (i=5) returned 0x1900015 [0178.828] SelectPalette (hdc=0x7010804, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0178.828] CreateCompatibleDC (hdc=0x7010804) returned 0x1e01083a [0178.828] SelectObject (hdc=0x1e01083a, h=0x905082d) returned 0x185000f [0178.828] GdipCreateFromHDC (hdc=0x1e01083a, graphics=0x29da18) returned 0x0 [0178.828] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0178.828] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0178.828] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0178.828] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0178.828] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0178.828] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0178.828] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0178.828] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0178.828] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0178.829] GdipCreateRegion (region=0x29da40) returned 0x0 [0178.829] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0178.829] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0178.829] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0178.829] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffdb20dbd) returned 0x0 [0178.829] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0178.829] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0178.829] GetCurrentObject (hdc=0x1e01083a, type=0x1) returned 0x1b00017 [0178.829] GetCurrentObject (hdc=0x1e01083a, type=0x2) returned 0x1900010 [0178.829] GetCurrentObject (hdc=0x1e01083a, type=0x7) returned 0x905082d [0178.829] GetCurrentObject (hdc=0x1e01083a, type=0x6) returned 0x18a002e [0178.829] SaveDC (hdc=0x1e01083a) returned 1 [0178.829] GetNearestColor (hdc=0x1e01083a, color=0x0) returned 0x0 [0178.829] GetNearestColor (hdc=0x1e01083a, color=0x0) returned 0x0 [0178.829] GetNearestColor (hdc=0x1e01083a, color=0x0) returned 0x0 [0178.829] GetNearestColor (hdc=0x1e01083a, color=0x989898) returned 0x989898 [0178.829] GetNearestColor (hdc=0x1e01083a, color=0x8b) returned 0x8b [0178.829] GetNearestColor (hdc=0x1e01083a, color=0x7f7f7f) returned 0x7f7f7f [0178.829] GetNearestColor (hdc=0x1e01083a, color=0x989898) returned 0x989898 [0178.829] GetNearestColor (hdc=0x1e01083a, color=0x0) returned 0x0 [0178.829] GetNearestColor (hdc=0x1e01083a, color=0x8b) returned 0x8b [0178.829] RestoreDC (hdc=0x1e01083a, nSavedDC=-1) returned 1 [0178.829] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e01083a) returned 0x0 [0178.829] IsAppThemed () returned 0x1 [0178.829] GetThemeAppProperties () returned 0x3 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] IsAppThemed () returned 0x1 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x2266360 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0178.830] IsAppThemed () returned 0x1 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] IsAppThemed () returned 0x1 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] IsAppThemed () returned 0x1 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] IsAppThemed () returned 0x1 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] IsThemePartDefined () returned 0x1 [0178.830] IsAppThemed () returned 0x1 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0178.830] IsAppThemed () returned 0x1 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] IsAppThemed () returned 0x1 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] GetThemeAppProperties () returned 0x3 [0178.830] IsThemePartDefined () returned 0x1 [0178.830] GdipCreateRegion (region=0x29d520) returned 0x0 [0178.830] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0178.830] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0178.830] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0178.830] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0178.830] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0178.830] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0178.830] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0178.830] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0178.830] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0178.831] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0178.831] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0178.831] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0178.831] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0178.831] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0178.831] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0178.831] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0178.831] GetCurrentObject (hdc=0x1e01083a, type=0x1) returned 0x1b00017 [0178.831] GetCurrentObject (hdc=0x1e01083a, type=0x2) returned 0x1900010 [0178.831] GetCurrentObject (hdc=0x1e01083a, type=0x7) returned 0x905082d [0178.831] GetCurrentObject (hdc=0x1e01083a, type=0x6) returned 0x18a002e [0178.831] SaveDC (hdc=0x1e01083a) returned 1 [0178.831] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x62040228 [0178.831] GetClipRgn (hdc=0x1e01083a, hrgn=0x62040228) returned 0 [0178.831] SelectClipRgn (hdc=0x1e01083a, hrgn=0x1f040812) returned 2 [0178.831] DeleteObject (ho=0x62040228) returned 1 [0178.831] DeleteObject (ho=0x1f040812) returned 1 [0178.831] OffsetViewportOrgEx (in: hdc=0x1e01083a, x=0, y=0, lppt=0x2266d48 | out: lppt=0x2266d48) returned 1 [0178.831] DrawThemeParentBackground () returned 0x0 [0178.831] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0178.831] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0178.831] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0178.831] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0178.831] GetSystemMetrics (nIndex=42) returned 0 [0178.831] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0178.831] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0178.831] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0178.831] GetCurrentObject (hdc=0x1e01083a, type=0x1) returned 0x1b00017 [0178.832] GetCurrentObject (hdc=0x1e01083a, type=0x2) returned 0x1900010 [0178.832] GetCurrentObject (hdc=0x1e01083a, type=0x7) returned 0x905082d [0178.832] GetCurrentObject (hdc=0x1e01083a, type=0x6) returned 0x18a002e [0178.832] SaveDC (hdc=0x1e01083a) returned 2 [0178.832] GetNearestColor (hdc=0x1e01083a, color=0x0) returned 0x0 [0178.832] CreateSolidBrush (color=0x0) returned 0x1e100259 [0178.832] FillRect (hDC=0x1e01083a, lprc=0x29cb98, hbr=0x1e100259) returned 1 [0178.832] DeleteObject (ho=0x1e100259) returned 1 [0178.832] RestoreDC (hdc=0x1e01083a, nSavedDC=-1) returned 1 [0178.832] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0178.832] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0178.832] GetSystemMetrics (nIndex=42) returned 0 [0178.832] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0178.832] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0178.832] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0178.832] GetCurrentObject (hdc=0x1e01083a, type=0x1) returned 0x1b00017 [0178.832] GetCurrentObject (hdc=0x1e01083a, type=0x2) returned 0x1900010 [0178.832] GetCurrentObject (hdc=0x1e01083a, type=0x7) returned 0x905082d [0178.832] GetCurrentObject (hdc=0x1e01083a, type=0x6) returned 0x18a002e [0178.832] SaveDC (hdc=0x1e01083a) returned 2 [0178.832] GetNearestColor (hdc=0x1e01083a, color=0x0) returned 0x0 [0178.832] CreateSolidBrush (color=0x0) returned 0x1f100259 [0178.832] FillRect (hDC=0x1e01083a, lprc=0x29cac8, hbr=0x1f100259) returned 1 [0178.832] DeleteObject (ho=0x1f100259) returned 1 [0178.832] RestoreDC (hdc=0x1e01083a, nSavedDC=-1) returned 1 [0178.833] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0178.833] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0178.833] GetSystemMetrics (nIndex=42) returned 0 [0178.833] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0178.834] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0178.834] RestoreDC (hdc=0x1e01083a, nSavedDC=-1) returned 1 [0178.834] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e01083a) returned 0x0 [0178.834] IsAppThemed () returned 0x1 [0178.834] GetThemeAppProperties () returned 0x3 [0178.834] GetThemeAppProperties () returned 0x3 [0178.834] IsAppThemed () returned 0x1 [0178.834] GetThemeAppProperties () returned 0x3 [0178.834] GetThemeAppProperties () returned 0x3 [0178.834] IsThemePartDefined () returned 0x1 [0178.834] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0178.834] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0178.835] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0178.835] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0178.835] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0178.835] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0178.835] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0178.835] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0178.835] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0178.835] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0178.835] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0178.835] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0178.835] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0178.835] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0178.835] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0178.835] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0178.835] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0178.835] GetCurrentObject (hdc=0x1e01083a, type=0x1) returned 0x1b00017 [0178.835] GetCurrentObject (hdc=0x1e01083a, type=0x2) returned 0x1900010 [0178.835] GetCurrentObject (hdc=0x1e01083a, type=0x7) returned 0x905082d [0178.835] GetCurrentObject (hdc=0x1e01083a, type=0x6) returned 0x18a002e [0178.835] SaveDC (hdc=0x1e01083a) returned 1 [0178.835] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x20040812 [0178.835] GetClipRgn (hdc=0x1e01083a, hrgn=0x20040812) returned 0 [0178.835] SelectClipRgn (hdc=0x1e01083a, hrgn=0x64040228) returned 2 [0178.835] DeleteObject (ho=0x20040812) returned 1 [0178.835] DeleteObject (ho=0x64040228) returned 1 [0178.835] OffsetViewportOrgEx (in: hdc=0x1e01083a, x=0, y=0, lppt=0x2267e50 | out: lppt=0x2267e50) returned 1 [0178.835] IsAppThemed () returned 0x1 [0178.835] GetThemeAppProperties () returned 0x3 [0178.835] GetThemeAppProperties () returned 0x3 [0178.835] DrawThemeBackground () returned 0x0 [0178.836] RestoreDC (hdc=0x1e01083a, nSavedDC=-1) returned 1 [0178.836] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e01083a) returned 0x0 [0178.836] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0178.836] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0178.836] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0178.836] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0178.836] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0178.836] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0178.836] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0178.836] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0178.836] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0178.836] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0178.836] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0178.836] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0178.836] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0178.836] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0178.836] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0178.836] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0178.836] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0178.836] GetCurrentObject (hdc=0x1e01083a, type=0x1) returned 0x1b00017 [0178.836] GetCurrentObject (hdc=0x1e01083a, type=0x2) returned 0x1900010 [0178.836] GetCurrentObject (hdc=0x1e01083a, type=0x7) returned 0x905082d [0178.836] GetCurrentObject (hdc=0x1e01083a, type=0x6) returned 0x18a002e [0178.836] SaveDC (hdc=0x1e01083a) returned 1 [0178.836] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x65040228 [0178.836] GetClipRgn (hdc=0x1e01083a, hrgn=0x65040228) returned 0 [0178.842] SelectClipRgn (hdc=0x1e01083a, hrgn=0x21040812) returned 2 [0178.842] DeleteObject (ho=0x65040228) returned 1 [0178.842] DeleteObject (ho=0x21040812) returned 1 [0178.842] OffsetViewportOrgEx (in: hdc=0x1e01083a, x=0, y=0, lppt=0x2268328 | out: lppt=0x2268328) returned 1 [0178.842] IsAppThemed () returned 0x1 [0178.842] GetThemeAppProperties () returned 0x3 [0178.842] GetThemeAppProperties () returned 0x3 [0178.842] GetThemeBackgroundContentRect () returned 0x0 [0178.842] RestoreDC (hdc=0x1e01083a, nSavedDC=-1) returned 1 [0178.842] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e01083a) returned 0x0 [0178.842] IsAppThemed () returned 0x1 [0178.842] GetThemeAppProperties () returned 0x3 [0178.842] GetThemeAppProperties () returned 0x3 [0178.842] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0178.842] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0178.842] GetCurrentObject (hdc=0x1e01083a, type=0x1) returned 0x1b00017 [0178.842] GetCurrentObject (hdc=0x1e01083a, type=0x2) returned 0x1900010 [0178.842] GetCurrentObject (hdc=0x1e01083a, type=0x7) returned 0x905082d [0178.842] GetCurrentObject (hdc=0x1e01083a, type=0x6) returned 0x18a002e [0178.842] SaveDC (hdc=0x1e01083a) returned 1 [0178.842] GetTextAlign (hdc=0x1e01083a) returned 0x0 [0178.842] GetTextColor (hdc=0x1e01083a) returned 0x0 [0178.842] SetTextColor (hdc=0x1e01083a, color=0x8b) returned 0x0 [0178.842] GetCurrentObject (hdc=0x1e01083a, type=0x6) returned 0x18a002e [0178.842] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0178.842] SelectObject (hdc=0x1e01083a, h=0x90a0819) returned 0x18a002e [0178.842] GetBkMode (hdc=0x1e01083a) returned 2 [0178.842] SetBkMode (hdc=0x1e01083a, mode=1) returned 2 [0178.843] DrawTextExW (in: hdc=0x1e01083a, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22689b0 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0178.843] DrawTextExW (in: hdc=0x1e01083a, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22689b0 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0178.843] RestoreDC (hdc=0x1e01083a, nSavedDC=-1) returned 1 [0178.843] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e01083a) returned 0x0 [0178.843] GetFocus () returned 0x201ba [0178.843] IsAppThemed () returned 0x1 [0178.843] GetThemeAppProperties () returned 0x3 [0178.843] GetThemeAppProperties () returned 0x3 [0178.843] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0178.843] BitBlt (hdc=0x7010804, x=0, y=0, cx=196, cy=49, hdcSrc=0x1e01083a, x1=0, y1=0, rop=0xcc0020) returned 1 [0178.843] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e01083a) returned 0x0 [0178.843] SelectPalette (hdc=0x7010804, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0178.843] SelectObject (hdc=0x1e01083a, h=0x185000f) returned 0x905082d [0178.843] DeleteDC (hdc=0x1e01083a) returned 1 [0178.843] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0178.843] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0178.843] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x2268b18, cPoints=0x1 | out: lpPoints=0x2268b18) returned 22938228 [0178.845] WindowFromPoint (Point=0x179000002f7) returned 0x201ba [0178.845] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902f7) returned 0x1 [0178.848] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0178.848] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0178.851] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0178.851] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0178.851] GetSystemMetrics (nIndex=42) returned 0 [0178.851] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9ad1c0 [0178.851] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9ad1c0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0178.851] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9ad1c0) returned 0x158 [0178.851] CoTaskMemFree (pv=0x1a9ad1c0) [0178.852] OleSetClipboard (pDataObj=0x2dfe28) returned 0x0 [0178.854] OleFlushClipboard () returned 0x0 [0178.854] GlobalReAlloc (hMem=0x1bee00e8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00e8 [0178.854] GlobalLock (hMem=0x1bee00e8) returned 0x1a9acee0 [0178.854] RtlMoveMemory (in: Destination=0x1a9acee0, Source=0x2269a00, Length=0x2b0 | out: Destination=0x1a9acee0) [0178.854] GlobalUnlock (hMem=0x1bee00e8) returned 0 [0178.855] GetCapture () returned 0x201ba [0178.855] ReleaseCapture () returned 1 [0178.855] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0178.855] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.855] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f02ac) returned 0x1 [0178.855] IsWindowUnicode (hWnd=0x201ba) returned 1 [0178.855] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.855] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f02ac) returned 0x1 [0178.855] SetCursor (hCursor=0x10003) returned 0x10003 [0178.855] TranslateMessage (lpMsg=0x29ea50) returned 0 [0178.855] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0178.855] GetKeyState (nVirtKey=1) returned 0 [0178.855] GetKeyState (nVirtKey=2) returned 0 [0178.855] GetKeyState (nVirtKey=4) returned 0 [0178.855] GetKeyState (nVirtKey=5) returned 0 [0178.855] GetKeyState (nVirtKey=6) returned 0 [0178.856] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.856] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f02ac) returned 0x1 [0178.856] IsWindowUnicode (hWnd=0x201ba) returned 1 [0178.856] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.856] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f02ac) returned 0x1 [0178.856] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0178.856] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xd20148) returned 0x0 [0178.856] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0178.856] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0178.856] SetCursor (hCursor=0x10003) returned 0x10003 [0178.856] TranslateMessage (lpMsg=0x29ea50) returned 0 [0178.856] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0178.856] GetKeyState (nVirtKey=1) returned -127 [0178.856] GetKeyState (nVirtKey=2) returned 0 [0178.856] GetKeyState (nVirtKey=4) returned 0 [0178.856] GetKeyState (nVirtKey=5) returned 0 [0178.856] GetKeyState (nVirtKey=6) returned 0 [0178.856] IsWindowVisible (hWnd=0x201ba) returned 1 [0178.856] IsWindowEnabled (hWnd=0x201ba) returned 1 [0178.856] SetFocus (hWnd=0x201ba) returned 0x201ba [0178.856] GetFocus () returned 0x201ba [0178.856] GetFocus () returned 0x201ba [0178.856] GetFocus () returned 0x201ba [0178.856] GetKeyState (nVirtKey=1) returned -127 [0178.856] GetKeyState (nVirtKey=2) returned 0 [0178.856] GetKeyState (nVirtKey=4) returned 0 [0178.858] GetKeyState (nVirtKey=5) returned 0 [0178.858] GetKeyState (nVirtKey=6) returned 0 [0178.864] GetCapture () returned 0x0 [0178.864] SetCapture (hWnd=0x201ba) returned 0x0 [0178.864] GetKeyState (nVirtKey=1) returned -127 [0178.874] GetKeyState (nVirtKey=2) returned 0 [0178.874] GetKeyState (nVirtKey=4) returned 0 [0178.874] GetKeyState (nVirtKey=5) returned 0 [0178.874] GetKeyState (nVirtKey=6) returned 0 [0178.874] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0178.874] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0178.874] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.874] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.874] TranslateMessage (lpMsg=0x29ea50) returned 0 [0178.874] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0178.874] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.874] IsWindowUnicode (hWnd=0x201ba) returned 1 [0178.874] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0178.874] TranslateMessage (lpMsg=0x29ea50) returned 0 [0178.874] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0178.874] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x2269d48, cPoints=0x1 | out: lpPoints=0x2269d48) returned 22938228 [0178.874] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0178.874] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0178.874] UpdateWindow (hWnd=0x201ba) returned 1 [0178.874] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x7010804 [0178.874] SelectPalette (hdc=0x7010804, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0178.874] CreateCompatibleDC (hdc=0x7010804) returned 0x3901021e [0178.874] SelectObject (hdc=0x3901021e, h=0x905082d) returned 0x185000f [0178.875] GdipCreateFromHDC (hdc=0x3901021e, graphics=0x29da18) returned 0x0 [0178.875] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0178.875] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0178.875] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0178.875] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0178.875] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0178.875] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0178.875] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0178.875] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0178.875] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0178.875] GdipCreateRegion (region=0x29da40) returned 0x0 [0178.875] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0178.875] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0178.875] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0178.875] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffdb00dbd) returned 0x0 [0178.875] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0178.875] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0178.875] GetCurrentObject (hdc=0x3901021e, type=0x1) returned 0x1b00017 [0178.875] GetCurrentObject (hdc=0x3901021e, type=0x2) returned 0x1900010 [0178.876] GetCurrentObject (hdc=0x3901021e, type=0x7) returned 0x905082d [0178.876] GetCurrentObject (hdc=0x3901021e, type=0x6) returned 0x18a002e [0178.876] SaveDC (hdc=0x3901021e) returned 1 [0178.876] GetNearestColor (hdc=0x3901021e, color=0x0) returned 0x0 [0178.876] GetNearestColor (hdc=0x3901021e, color=0x0) returned 0x0 [0178.876] GetNearestColor (hdc=0x3901021e, color=0x0) returned 0x0 [0178.876] GetNearestColor (hdc=0x3901021e, color=0x989898) returned 0x989898 [0178.876] GetNearestColor (hdc=0x3901021e, color=0x8b) returned 0x8b [0178.876] GetNearestColor (hdc=0x3901021e, color=0x7f7f7f) returned 0x7f7f7f [0178.876] GetNearestColor (hdc=0x3901021e, color=0x989898) returned 0x989898 [0178.876] GetNearestColor (hdc=0x3901021e, color=0x0) returned 0x0 [0178.876] GetNearestColor (hdc=0x3901021e, color=0x8b) returned 0x8b [0178.876] RestoreDC (hdc=0x3901021e, nSavedDC=-1) returned 1 [0179.143] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x3901021e) returned 0x0 [0179.143] IsAppThemed () returned 0x1 [0179.143] GetThemeAppProperties () returned 0x3 [0179.143] GetThemeAppProperties () returned 0x3 [0179.143] IsAppThemed () returned 0x1 [0179.143] GetThemeAppProperties () returned 0x3 [0179.143] GetThemeAppProperties () returned 0x3 [0179.143] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x226a920 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0179.143] IsAppThemed () returned 0x1 [0179.143] GetThemeAppProperties () returned 0x3 [0179.143] GetThemeAppProperties () returned 0x3 [0179.143] IsAppThemed () returned 0x1 [0179.143] GetThemeAppProperties () returned 0x3 [0179.143] GetThemeAppProperties () returned 0x3 [0179.143] IsAppThemed () returned 0x1 [0179.143] GetThemeAppProperties () returned 0x3 [0179.143] GetThemeAppProperties () returned 0x3 [0179.144] IsAppThemed () returned 0x1 [0179.144] GetThemeAppProperties () returned 0x3 [0179.144] GetThemeAppProperties () returned 0x3 [0179.144] IsThemePartDefined () returned 0x1 [0179.144] IsAppThemed () returned 0x1 [0179.144] GetThemeAppProperties () returned 0x3 [0179.144] GetThemeAppProperties () returned 0x3 [0179.144] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0179.144] IsAppThemed () returned 0x1 [0179.144] GetThemeAppProperties () returned 0x3 [0179.144] GetThemeAppProperties () returned 0x3 [0179.144] IsAppThemed () returned 0x1 [0179.144] GetThemeAppProperties () returned 0x3 [0179.144] GetThemeAppProperties () returned 0x3 [0179.144] IsThemePartDefined () returned 0x1 [0179.144] GdipCreateRegion (region=0x29d520) returned 0x0 [0179.144] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.144] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0179.144] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0179.144] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0179.144] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.144] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.144] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.144] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.144] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.144] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.144] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.144] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0179.144] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0179.144] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0179.145] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.145] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0179.145] GetCurrentObject (hdc=0x3901021e, type=0x1) returned 0x1b00017 [0179.145] GetCurrentObject (hdc=0x3901021e, type=0x2) returned 0x1900010 [0179.145] GetCurrentObject (hdc=0x3901021e, type=0x7) returned 0x905082d [0179.145] GetCurrentObject (hdc=0x3901021e, type=0x6) returned 0x18a002e [0179.145] SaveDC (hdc=0x3901021e) returned 1 [0179.145] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x22040812 [0179.145] GetClipRgn (hdc=0x3901021e, hrgn=0x22040812) returned 0 [0179.145] SelectClipRgn (hdc=0x3901021e, hrgn=0x69040228) returned 2 [0179.145] DeleteObject (ho=0x22040812) returned 1 [0179.145] DeleteObject (ho=0x69040228) returned 1 [0179.145] OffsetViewportOrgEx (in: hdc=0x3901021e, x=0, y=0, lppt=0x226b308 | out: lppt=0x226b308) returned 1 [0179.145] DrawThemeParentBackground () returned 0x0 [0179.145] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0179.145] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0179.145] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0179.145] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0179.145] GetSystemMetrics (nIndex=42) returned 0 [0179.145] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0179.145] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0179.145] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0179.145] GetCurrentObject (hdc=0x3901021e, type=0x1) returned 0x1b00017 [0179.146] GetCurrentObject (hdc=0x3901021e, type=0x2) returned 0x1900010 [0179.146] GetCurrentObject (hdc=0x3901021e, type=0x7) returned 0x905082d [0179.146] GetCurrentObject (hdc=0x3901021e, type=0x6) returned 0x18a002e [0179.146] SaveDC (hdc=0x3901021e) returned 2 [0179.146] GetNearestColor (hdc=0x3901021e, color=0x0) returned 0x0 [0179.146] CreateSolidBrush (color=0x0) returned 0x20100259 [0179.146] FillRect (hDC=0x3901021e, lprc=0x29cb98, hbr=0x20100259) returned 1 [0179.146] DeleteObject (ho=0x20100259) returned 1 [0179.146] RestoreDC (hdc=0x3901021e, nSavedDC=-1) returned 1 [0179.146] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0179.146] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0179.146] GetSystemMetrics (nIndex=42) returned 0 [0179.146] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0179.146] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0179.146] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0179.146] GetCurrentObject (hdc=0x3901021e, type=0x1) returned 0x1b00017 [0179.146] GetCurrentObject (hdc=0x3901021e, type=0x2) returned 0x1900010 [0179.146] GetCurrentObject (hdc=0x3901021e, type=0x7) returned 0x905082d [0179.146] GetCurrentObject (hdc=0x3901021e, type=0x6) returned 0x18a002e [0179.146] SaveDC (hdc=0x3901021e) returned 2 [0179.146] GetNearestColor (hdc=0x3901021e, color=0x0) returned 0x0 [0179.146] CreateSolidBrush (color=0x0) returned 0x21100259 [0179.146] FillRect (hDC=0x3901021e, lprc=0x29cac8, hbr=0x21100259) returned 1 [0179.146] DeleteObject (ho=0x21100259) returned 1 [0179.146] RestoreDC (hdc=0x3901021e, nSavedDC=-1) returned 1 [0179.147] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0179.147] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0179.147] GetSystemMetrics (nIndex=42) returned 0 [0179.147] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0179.147] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0179.147] RestoreDC (hdc=0x3901021e, nSavedDC=-1) returned 1 [0179.147] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x3901021e) returned 0x0 [0179.147] IsAppThemed () returned 0x1 [0179.147] GetThemeAppProperties () returned 0x3 [0179.147] GetThemeAppProperties () returned 0x3 [0179.147] IsAppThemed () returned 0x1 [0179.147] GetThemeAppProperties () returned 0x3 [0179.147] GetThemeAppProperties () returned 0x3 [0179.147] IsThemePartDefined () returned 0x1 [0179.147] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0179.147] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.147] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0179.147] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0179.147] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0179.147] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.147] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.147] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.147] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.147] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.147] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.147] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0179.147] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0179.147] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0179.147] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0179.147] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.147] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0179.147] GetCurrentObject (hdc=0x3901021e, type=0x1) returned 0x1b00017 [0179.148] GetCurrentObject (hdc=0x3901021e, type=0x2) returned 0x1900010 [0179.148] GetCurrentObject (hdc=0x3901021e, type=0x7) returned 0x905082d [0179.148] GetCurrentObject (hdc=0x3901021e, type=0x6) returned 0x18a002e [0179.148] SaveDC (hdc=0x3901021e) returned 1 [0179.148] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x6a040228 [0179.148] GetClipRgn (hdc=0x3901021e, hrgn=0x6a040228) returned 0 [0179.148] SelectClipRgn (hdc=0x3901021e, hrgn=0x24040812) returned 2 [0179.148] DeleteObject (ho=0x6a040228) returned 1 [0179.148] DeleteObject (ho=0x24040812) returned 1 [0179.148] OffsetViewportOrgEx (in: hdc=0x3901021e, x=0, y=0, lppt=0x226c410 | out: lppt=0x226c410) returned 1 [0179.148] IsAppThemed () returned 0x1 [0179.148] GetThemeAppProperties () returned 0x3 [0179.148] GetThemeAppProperties () returned 0x3 [0179.148] DrawThemeBackground () returned 0x0 [0179.148] RestoreDC (hdc=0x3901021e, nSavedDC=-1) returned 1 [0179.148] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x3901021e) returned 0x0 [0179.148] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0179.148] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.148] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0179.148] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0179.148] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0179.148] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.148] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.148] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.148] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.150] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.150] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.150] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.150] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0179.150] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0179.150] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0179.150] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.150] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0179.150] GetCurrentObject (hdc=0x3901021e, type=0x1) returned 0x1b00017 [0179.150] GetCurrentObject (hdc=0x3901021e, type=0x2) returned 0x1900010 [0179.150] GetCurrentObject (hdc=0x3901021e, type=0x7) returned 0x905082d [0179.150] GetCurrentObject (hdc=0x3901021e, type=0x6) returned 0x18a002e [0179.150] SaveDC (hdc=0x3901021e) returned 1 [0179.151] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x25040812 [0179.151] GetClipRgn (hdc=0x3901021e, hrgn=0x25040812) returned 0 [0179.151] SelectClipRgn (hdc=0x3901021e, hrgn=0x6b040228) returned 2 [0179.151] DeleteObject (ho=0x25040812) returned 1 [0179.151] DeleteObject (ho=0x6b040228) returned 1 [0179.151] OffsetViewportOrgEx (in: hdc=0x3901021e, x=0, y=0, lppt=0x226c8e8 | out: lppt=0x226c8e8) returned 1 [0179.151] IsAppThemed () returned 0x1 [0179.151] GetThemeAppProperties () returned 0x3 [0179.151] GetThemeAppProperties () returned 0x3 [0179.151] GetThemeBackgroundContentRect () returned 0x0 [0179.151] RestoreDC (hdc=0x3901021e, nSavedDC=-1) returned 1 [0179.151] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x3901021e) returned 0x0 [0179.151] IsAppThemed () returned 0x1 [0179.151] GetThemeAppProperties () returned 0x3 [0179.151] GetThemeAppProperties () returned 0x3 [0179.151] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0179.151] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0179.151] GetCurrentObject (hdc=0x3901021e, type=0x1) returned 0x1b00017 [0179.151] GetCurrentObject (hdc=0x3901021e, type=0x2) returned 0x1900010 [0179.151] GetCurrentObject (hdc=0x3901021e, type=0x7) returned 0x905082d [0179.152] GetCurrentObject (hdc=0x3901021e, type=0x6) returned 0x18a002e [0179.152] SaveDC (hdc=0x3901021e) returned 1 [0179.152] GetTextAlign (hdc=0x3901021e) returned 0x0 [0179.152] GetTextColor (hdc=0x3901021e) returned 0x0 [0179.152] SetTextColor (hdc=0x3901021e, color=0x8b) returned 0x0 [0179.152] GetCurrentObject (hdc=0x3901021e, type=0x6) returned 0x18a002e [0179.152] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0179.152] SelectObject (hdc=0x3901021e, h=0x90a0819) returned 0x18a002e [0179.152] GetBkMode (hdc=0x3901021e) returned 2 [0179.152] SetBkMode (hdc=0x3901021e, mode=1) returned 2 [0179.152] DrawTextExW (in: hdc=0x3901021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x226cf70 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0179.152] DrawTextExW (in: hdc=0x3901021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x226cf70 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0179.152] RestoreDC (hdc=0x3901021e, nSavedDC=-1) returned 1 [0179.152] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x3901021e) returned 0x0 [0179.152] GetFocus () returned 0x201ba [0179.152] IsAppThemed () returned 0x1 [0179.152] GetThemeAppProperties () returned 0x3 [0179.152] GetThemeAppProperties () returned 0x3 [0179.152] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0179.152] BitBlt (hdc=0x7010804, x=0, y=0, cx=196, cy=49, hdcSrc=0x3901021e, x1=0, y1=0, rop=0xcc0020) returned 1 [0179.152] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x3901021e) returned 0x0 [0179.152] SelectPalette (hdc=0x7010804, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0179.152] SelectObject (hdc=0x3901021e, h=0x185000f) returned 0x905082d [0179.153] DeleteDC (hdc=0x3901021e) returned 1 [0179.153] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0179.153] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0179.153] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x226d0d8, cPoints=0x1 | out: lpPoints=0x226d0d8) returned 22938228 [0179.153] WindowFromPoint (Point=0x17f000002ac) returned 0x201ba [0179.153] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f02ac) returned 0x1 [0179.153] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0179.153] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0179.153] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0179.153] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0179.153] GetSystemMetrics (nIndex=42) returned 0 [0179.153] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9ad1c0 [0179.153] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9ad1c0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0179.153] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9ad1c0) returned 0x158 [0179.153] CoTaskMemFree (pv=0x1a9ad1c0) [0179.155] OleSetClipboard (pDataObj=0x2dfd28) returned 0x0 [0179.157] OleFlushClipboard () returned 0x0 [0179.157] GlobalReAlloc (hMem=0x1bee00b8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00b8 [0179.157] GlobalLock (hMem=0x1bee00b8) returned 0x1a9acee0 [0179.157] RtlMoveMemory (in: Destination=0x1a9acee0, Source=0x226dfc0, Length=0x2b0 | out: Destination=0x1a9acee0) [0179.157] GlobalUnlock (hMem=0x1bee00b8) returned 0 [0179.157] GetCapture () returned 0x201ba [0179.157] ReleaseCapture () returned 1 [0179.157] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0179.157] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.158] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1 [0179.158] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0179.158] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0179.158] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0179.160] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x46, wParam=0x0, lParam=0x29e890) returned 0x0 [0179.160] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x46, wParam=0x0, lParam=0x29e890) returned 0x0 [0179.160] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902fc) returned 0x1 [0179.160] IsWindowUnicode (hWnd=0x201ba) returned 1 [0179.160] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.160] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.160] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.161] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x2a3, wParam=0x0, lParam=0x0) returned 0x0 [0179.161] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0179.161] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.161] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902fc) returned 0x1 [0179.161] IsWindowUnicode (hWnd=0x201ba) returned 1 [0179.161] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.161] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902fc) returned 0x1 [0179.161] SetCursor (hCursor=0x10003) returned 0x10003 [0179.161] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.161] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.161] _TrackMouseEvent (in: lpEventTrack=0x225e660 | out: lpEventTrack=0x225e660) returned 1 [0179.161] SendMessageW (hWnd=0x201ba, Msg=0xc135, wParam=0x0, lParam=0x0) returned 0x0 [0179.161] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0xc135, wParam=0x0, lParam=0x0) returned 0x0 [0179.161] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0179.161] GetKeyState (nVirtKey=1) returned 0 [0179.161] GetKeyState (nVirtKey=2) returned 0 [0179.161] GetKeyState (nVirtKey=4) returned 0 [0179.161] GetKeyState (nVirtKey=5) returned 0 [0179.161] GetKeyState (nVirtKey=6) returned 0 [0179.161] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.161] IsWindowUnicode (hWnd=0x501ac) returned 1 [0179.161] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.161] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.162] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.162] BeginPaint (in: hWnd=0x501ac, lpPaint=0x29e188 | out: lpPaint=0x29e188) returned 0xa010808 [0179.162] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0179.162] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0179.162] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0179.162] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0179.163] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29dca8 | out: lpwndpl=0x29dca8) returned 1 [0179.163] GetClientRect (in: hWnd=0x501ac, lpRect=0x29dbc0 | out: lpRect=0x29dbc0) returned 1 [0179.163] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0179.163] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0179.163] GetSystemMetrics (nIndex=42) returned 0 [0179.163] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29d8e0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0179.163] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29d8e0) returned 0x27 [0179.163] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d9a8 | out: lpRect=0x29d9a8) returned 1 [0179.163] GetCurrentObject (hdc=0xa010808, type=0x1) returned 0x1b00017 [0179.163] GetCurrentObject (hdc=0xa010808, type=0x2) returned 0x1900010 [0179.163] GetCurrentObject (hdc=0xa010808, type=0x7) returned 0x1050032 [0179.163] GetCurrentObject (hdc=0xa010808, type=0x6) returned 0x18a002e [0179.163] SaveDC (hdc=0xa010808) returned 1 [0179.163] GetNearestColor (hdc=0xa010808, color=0x0) returned 0x0 [0179.163] CreateSolidBrush (color=0x0) returned 0x22100259 [0179.163] FillRect (hDC=0xa010808, lprc=0x29d698, hbr=0x22100259) returned 1 [0179.163] DeleteObject (ho=0x22100259) returned 1 [0179.163] RestoreDC (hdc=0xa010808, nSavedDC=-1) returned 1 [0179.164] SelectPalette (hdc=0xa010808, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0179.164] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0179.164] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0179.164] GetSystemMetrics (nIndex=42) returned 0 [0179.164] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29dfe0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0179.164] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29dfe0) returned 0x27 [0179.164] SelectPalette (hdc=0xa010808, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0179.164] EndPaint (hWnd=0x501ac, lpPaint=0x29e128) returned 1 [0179.164] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.165] IsWindowUnicode (hWnd=0x301b2) returned 1 [0179.165] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.165] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.165] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.166] BeginPaint (in: hWnd=0x301b2, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0xa010808 [0179.166] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0179.166] SelectPalette (hdc=0xa010808, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0179.166] CreateCompatibleDC (hdc=0xa010808) returned 0x4301021e [0179.166] SelectObject (hdc=0x4301021e, h=0x905082d) returned 0x185000f [0179.166] GdipCreateFromHDC (hdc=0x4301021e, graphics=0x29e0c8) returned 0x0 [0179.166] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0179.166] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=103, height=16, combineMode=0x0) returned 0x0 [0179.166] GdipCreateMatrix (matrix=0x29e0f0) returned 0x0 [0179.166] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0179.166] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e158) returned 0x0 [0179.166] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.166] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.166] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.166] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0179.166] GdipCreateRegion (region=0x29e0f0) returned 0x0 [0179.167] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.167] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29e150) returned 0x0 [0179.167] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29e1f0) returned 0x0 [0179.167] GetWindowTextLengthW (hWnd=0x301b2) returned 13 [0179.167] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xd [0179.167] GetSystemMetrics (nIndex=42) returned 0 [0179.167] GetWindowTextW (in: hWnd=0x301b2, lpString=0x29dfe0, nMaxCount=14 | out: lpString="Personal Key:") returned 13 [0179.167] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0xd, wParam=0xe, lParam=0x29dfe0) returned 0xd [0179.167] GetClientRect (in: hWnd=0x301b2, lpRect=0x29e198 | out: lpRect=0x29e198) returned 1 [0179.167] GdipCreateRegion (region=0x29dd80) returned 0x0 [0179.167] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdcd0) returned 0x0 [0179.167] GdipCreateMatrix (matrix=0x29dd80) returned 0x0 [0179.167] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0179.167] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dde8) returned 0x0 [0179.167] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.167] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.167] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.168] GdipCombineRegionRegion (region=0x1bcbdcd0, region2=0x1bcbdc10, combineMode=0x1) returned 0x0 [0179.168] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.168] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.168] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.168] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.169] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de50) returned 0x0 [0179.169] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de10) returned 0x0 [0179.169] GdipGetRegionHRgn (region=0x1bcbdcd0, graphics=0x1c34abe0, hRgn=0x29de10) returned 0x0 [0179.169] GdipDeleteRegion (region=0x1bcbdcd0) returned 0x0 [0179.169] GdipGetDC (graphics=0x1c34abe0, hdc=0x29de58) returned 0x0 [0179.169] GetCurrentObject (hdc=0x4301021e, type=0x1) returned 0x1b00017 [0179.169] GetCurrentObject (hdc=0x4301021e, type=0x2) returned 0x1900010 [0179.169] GetCurrentObject (hdc=0x4301021e, type=0x7) returned 0x905082d [0179.169] GetCurrentObject (hdc=0x4301021e, type=0x6) returned 0x18a002e [0179.169] SaveDC (hdc=0x4301021e) returned 1 [0179.169] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x6c040228 [0179.169] GetClipRgn (hdc=0x4301021e, hrgn=0x6c040228) returned 0 [0179.169] SelectClipRgn (hdc=0x4301021e, hrgn=0x2c040812) returned 2 [0179.169] DeleteObject (ho=0x6c040228) returned 1 [0179.169] DeleteObject (ho=0x2c040812) returned 1 [0179.169] OffsetViewportOrgEx (in: hdc=0x4301021e, x=0, y=0, lppt=0x226f108 | out: lppt=0x226f108) returned 1 [0179.169] GetNearestColor (hdc=0x4301021e, color=0x0) returned 0x0 [0179.169] CreateSolidBrush (color=0x0) returned 0x23100259 [0179.169] FillRect (hDC=0x4301021e, lprc=0x29de88, hbr=0x23100259) returned 1 [0179.169] DeleteObject (ho=0x23100259) returned 1 [0179.169] RestoreDC (hdc=0x4301021e, nSavedDC=-1) returned 1 [0179.169] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4301021e) returned 0x0 [0179.169] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffdae0dbd) returned 0x0 [0179.169] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.169] GetWindowTextLengthW (hWnd=0x301b2) returned 13 [0179.170] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xd [0179.170] GetSystemMetrics (nIndex=42) returned 0 [0179.170] GetWindowTextW (in: hWnd=0x301b2, lpString=0x29dfe0, nMaxCount=14 | out: lpString="Personal Key:") returned 13 [0179.170] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0xd, wParam=0xe, lParam=0x29dfe0) returned 0xd [0179.170] GdipGetDC (graphics=0x1c34abe0, hdc=0x29dfe8) returned 0x0 [0179.170] GetCurrentObject (hdc=0x4301021e, type=0x1) returned 0x1b00017 [0179.170] GetCurrentObject (hdc=0x4301021e, type=0x2) returned 0x1900010 [0179.170] GetCurrentObject (hdc=0x4301021e, type=0x7) returned 0x905082d [0179.170] GetCurrentObject (hdc=0x4301021e, type=0x6) returned 0x18a002e [0179.170] SaveDC (hdc=0x4301021e) returned 1 [0179.170] GetNearestColor (hdc=0x4301021e, color=0xff00) returned 0xff00 [0179.170] RestoreDC (hdc=0x4301021e, nSavedDC=-1) returned 1 [0179.170] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4301021e) returned 0x0 [0179.170] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0179.170] AdjustWindowRectEx (in: lpRect=0x29de98, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de98) returned 1 [0179.170] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29def8) returned 0x0 [0179.170] GdipGetDC (graphics=0x1c34abe0, hdc=0x29ded8) returned 0x0 [0179.170] GetCurrentObject (hdc=0x4301021e, type=0x1) returned 0x1b00017 [0179.170] GetCurrentObject (hdc=0x4301021e, type=0x2) returned 0x1900010 [0179.170] GetCurrentObject (hdc=0x4301021e, type=0x7) returned 0x905082d [0179.171] GetCurrentObject (hdc=0x4301021e, type=0x6) returned 0x18a002e [0179.171] SaveDC (hdc=0x4301021e) returned 1 [0179.171] GetTextAlign (hdc=0x4301021e) returned 0x0 [0179.171] GetTextColor (hdc=0x4301021e) returned 0x0 [0179.171] SetTextColor (hdc=0x4301021e, color=0xff00) returned 0x0 [0179.171] GetCurrentObject (hdc=0x4301021e, type=0x6) returned 0x18a002e [0179.171] GetObjectW (in: h=0x18a002e, c=92, pv=0x29da10 | out: pv=0x29da10) returned 92 [0179.171] SelectObject (hdc=0x4301021e, h=0x440a01d5) returned 0x18a002e [0179.171] GetBkMode (hdc=0x4301021e) returned 2 [0179.171] SetBkMode (hdc=0x4301021e, mode=1) returned 2 [0179.171] DrawTextExW (in: hdc=0x4301021e, lpchText="Personal Key:", cchText=13, lprc=0x29de68, format=0x100000, lpdtp=0x226fa28 | out: lpchText="Personal Key:", lprc=0x29de68) returned 16 [0179.172] RestoreDC (hdc=0x4301021e, nSavedDC=-1) returned 1 [0179.172] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4301021e) returned 0x0 [0179.172] GdipGetDC (graphics=0x1c34abe0, hdc=0x29e108) returned 0x0 [0179.172] BitBlt (hdc=0xa010808, x=0, y=0, cx=103, cy=16, hdcSrc=0x4301021e, x1=0, y1=0, rop=0xcc0020) returned 1 [0179.172] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4301021e) returned 0x0 [0179.172] SelectPalette (hdc=0xa010808, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0179.172] SelectObject (hdc=0x4301021e, h=0x185000f) returned 0x905082d [0179.172] DeleteDC (hdc=0x4301021e) returned 1 [0179.172] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0179.172] EndPaint (hWnd=0x301b2, lpPaint=0x29e0e8) returned 1 [0179.172] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.173] IsWindowUnicode (hWnd=0x301ae) returned 1 [0179.173] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.173] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.173] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.173] BeginPaint (in: hWnd=0x301ae, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0x7010804 [0179.173] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0179.173] SelectPalette (hdc=0x7010804, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0179.173] CreateCompatibleDC (hdc=0x7010804) returned 0x4601021e [0179.173] SelectObject (hdc=0x4601021e, h=0x905082d) returned 0x185000f [0179.173] GdipCreateFromHDC (hdc=0x4601021e, graphics=0x29e0c8) returned 0x0 [0179.173] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0179.173] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=131, height=16, combineMode=0x0) returned 0x0 [0179.173] GdipCreateMatrix (matrix=0x29e0f0) returned 0x0 [0179.173] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0179.173] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e158) returned 0x0 [0179.173] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.173] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.173] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.173] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0179.173] GdipCreateRegion (region=0x29e0f0) returned 0x0 [0179.174] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.174] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29e150) returned 0x0 [0179.174] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29e1f0) returned 0x0 [0179.174] GetWindowTextLengthW (hWnd=0x301ae) returned 17 [0179.174] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x11 [0179.174] GetSystemMetrics (nIndex=42) returned 0 [0179.174] GetWindowTextW (in: hWnd=0x301ae, lpString=0x29dfd0, nMaxCount=18 | out: lpString="500$ or 0.084 BTC") returned 17 [0179.174] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0xd, wParam=0x12, lParam=0x29dfd0) returned 0x11 [0179.174] GetClientRect (in: hWnd=0x301ae, lpRect=0x29e198 | out: lpRect=0x29e198) returned 1 [0179.174] GdipCreateRegion (region=0x29dd80) returned 0x0 [0179.174] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdcd0) returned 0x0 [0179.174] GdipCreateMatrix (matrix=0x29dd80) returned 0x0 [0179.174] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0179.174] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dde8) returned 0x0 [0179.174] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.174] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.174] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.174] GdipCombineRegionRegion (region=0x1bcbdcd0, region2=0x1bcbdc10, combineMode=0x1) returned 0x0 [0179.174] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.174] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.174] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.174] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.174] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de50) returned 0x0 [0179.174] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de10) returned 0x0 [0179.174] GdipGetRegionHRgn (region=0x1bcbdcd0, graphics=0x1c34abe0, hRgn=0x29de10) returned 0x0 [0179.174] GdipDeleteRegion (region=0x1bcbdcd0) returned 0x0 [0179.174] GdipGetDC (graphics=0x1c34abe0, hdc=0x29de58) returned 0x0 [0179.174] GetCurrentObject (hdc=0x4601021e, type=0x1) returned 0x1b00017 [0179.174] GetCurrentObject (hdc=0x4601021e, type=0x2) returned 0x1900010 [0179.175] GetCurrentObject (hdc=0x4601021e, type=0x7) returned 0x905082d [0179.175] GetCurrentObject (hdc=0x4601021e, type=0x6) returned 0x18a002e [0179.175] SaveDC (hdc=0x4601021e) returned 1 [0179.175] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2d040812 [0179.175] GetClipRgn (hdc=0x4601021e, hrgn=0x2d040812) returned 0 [0179.175] SelectClipRgn (hdc=0x4601021e, hrgn=0x6e040228) returned 2 [0179.175] DeleteObject (ho=0x2d040812) returned 1 [0179.175] DeleteObject (ho=0x6e040228) returned 1 [0179.175] OffsetViewportOrgEx (in: hdc=0x4601021e, x=0, y=0, lppt=0x22701a8 | out: lppt=0x22701a8) returned 1 [0179.175] GetNearestColor (hdc=0x4601021e, color=0x0) returned 0x0 [0179.175] CreateSolidBrush (color=0x0) returned 0x24100259 [0179.175] FillRect (hDC=0x4601021e, lprc=0x29de88, hbr=0x24100259) returned 1 [0179.175] DeleteObject (ho=0x24100259) returned 1 [0179.175] RestoreDC (hdc=0x4601021e, nSavedDC=-1) returned 1 [0179.175] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4601021e) returned 0x0 [0179.175] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffdac0dbd) returned 0x0 [0179.175] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.175] GetWindowTextLengthW (hWnd=0x301ae) returned 17 [0179.175] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x11 [0179.175] GetSystemMetrics (nIndex=42) returned 0 [0179.175] GetWindowTextW (in: hWnd=0x301ae, lpString=0x29dfd0, nMaxCount=18 | out: lpString="500$ or 0.084 BTC") returned 17 [0179.175] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0xd, wParam=0x12, lParam=0x29dfd0) returned 0x11 [0179.175] GdipGetDC (graphics=0x1c34abe0, hdc=0x29dfe8) returned 0x0 [0179.175] GetCurrentObject (hdc=0x4601021e, type=0x1) returned 0x1b00017 [0179.175] GetCurrentObject (hdc=0x4601021e, type=0x2) returned 0x1900010 [0179.175] GetCurrentObject (hdc=0x4601021e, type=0x7) returned 0x905082d [0179.175] GetCurrentObject (hdc=0x4601021e, type=0x6) returned 0x18a002e [0179.176] SaveDC (hdc=0x4601021e) returned 1 [0179.176] GetNearestColor (hdc=0x4601021e, color=0xffff) returned 0xffff [0179.176] RestoreDC (hdc=0x4601021e, nSavedDC=-1) returned 1 [0179.176] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4601021e) returned 0x0 [0179.176] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0179.176] AdjustWindowRectEx (in: lpRect=0x29de98, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de98) returned 1 [0179.176] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29def8) returned 0x0 [0179.176] GdipGetDC (graphics=0x1c34abe0, hdc=0x29ded8) returned 0x0 [0179.176] GetCurrentObject (hdc=0x4601021e, type=0x1) returned 0x1b00017 [0179.176] GetCurrentObject (hdc=0x4601021e, type=0x2) returned 0x1900010 [0179.176] GetCurrentObject (hdc=0x4601021e, type=0x7) returned 0x905082d [0179.176] GetCurrentObject (hdc=0x4601021e, type=0x6) returned 0x18a002e [0179.176] SaveDC (hdc=0x4601021e) returned 1 [0179.176] GetTextAlign (hdc=0x4601021e) returned 0x0 [0179.176] GetTextColor (hdc=0x4601021e) returned 0x0 [0179.176] SetTextColor (hdc=0x4601021e, color=0xffff) returned 0x0 [0179.176] GetCurrentObject (hdc=0x4601021e, type=0x6) returned 0x18a002e [0179.176] GetObjectW (in: h=0x18a002e, c=92, pv=0x29da10 | out: pv=0x29da10) returned 92 [0179.176] SelectObject (hdc=0x4601021e, h=0x440a01d5) returned 0x18a002e [0179.176] GetBkMode (hdc=0x4601021e) returned 2 [0179.177] SetBkMode (hdc=0x4601021e, mode=1) returned 2 [0179.177] DrawTextExW (in: hdc=0x4601021e, lpchText="500$ or 0.084 BTC", cchText=17, lprc=0x29de68, format=0x100000, lpdtp=0x2270ae0 | out: lpchText="500$ or 0.084 BTC", lprc=0x29de68) returned 16 [0179.177] RestoreDC (hdc=0x4601021e, nSavedDC=-1) returned 1 [0179.177] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4601021e) returned 0x0 [0179.177] GdipGetDC (graphics=0x1c34abe0, hdc=0x29e108) returned 0x0 [0179.177] BitBlt (hdc=0x7010804, x=0, y=0, cx=131, cy=16, hdcSrc=0x4601021e, x1=0, y1=0, rop=0xcc0020) returned 1 [0179.177] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4601021e) returned 0x0 [0179.177] SelectPalette (hdc=0x7010804, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0179.177] SelectObject (hdc=0x4601021e, h=0x185000f) returned 0x905082d [0179.177] DeleteDC (hdc=0x4601021e) returned 1 [0179.177] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0179.177] EndPaint (hWnd=0x301ae, lpPaint=0x29e0e8) returned 1 [0179.178] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.178] IsWindowUnicode (hWnd=0x301b4) returned 1 [0179.178] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.178] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.178] DispatchMessageW (lpMsg=0x29ea50) returned 0x1 [0179.178] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0179.178] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0179.178] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x14, wParam=0x501080c, lParam=0x0) returned 0x1 [0179.178] SetTextColor (hdc=0x4901021e, color=0xffffff) returned 0x0 [0179.178] SetBkColor (hdc=0x4901021e, color=0x0) returned 0xffffff [0179.178] CreateSolidBrush (color=0x0) returned 0x25100259 [0179.179] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.179] IsWindowUnicode (hWnd=0x201b8) returned 1 [0179.179] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.179] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.179] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.179] BeginPaint (in: hWnd=0x201b8, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0xa010808 [0179.179] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0179.179] SelectPalette (hdc=0xa010808, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0179.179] CreateCompatibleDC (hdc=0xa010808) returned 0xa010821 [0179.179] GetObjectType (h=0xa010808) returned 0x3 [0179.179] CreateCompatibleBitmap (hdc=0xa010808, cx=1, cy=1) returned 0xb050820 [0179.179] GetDIBits (in: hdc=0xa010808, hbm=0xb050820, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x29da58, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29da58) returned 1 [0179.179] GetDIBits (in: hdc=0xa010808, hbm=0xb050820, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x29da58, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29da58) returned 1 [0179.179] DeleteObject (ho=0xb050820) returned 1 [0179.179] CreateDIBSection (in: hdc=0xa010808, lpbmi=0x29db08, usage=0x0, ppvBits=0x29e0c8, hSection=0x0, offset=0x0 | out: ppvBits=0x29e0c8) returned 0xe050800 [0179.180] SelectObject (hdc=0xa010821, h=0xe050800) returned 0x185000f [0179.180] GdipCreateFromHDC (hdc=0xa010821, graphics=0x29e048) returned 0x0 [0179.180] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0179.180] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=675, height=80, combineMode=0x0) returned 0x0 [0179.180] GdipCreateMatrix (matrix=0x29e0f0) returned 0x0 [0179.180] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0179.180] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e158) returned 0x0 [0179.180] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.180] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.180] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.180] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0179.181] GdipCreateRegion (region=0x29e0f0) returned 0x0 [0179.181] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.181] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29e150) returned 0x0 [0179.181] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29e1f0) returned 0x0 [0179.181] GetWindowTextLengthW (hWnd=0x201b8) returned 192 [0179.181] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xc0 [0179.181] GetSystemMetrics (nIndex=42) returned 0 [0179.181] GetWindowTextW (in: hWnd=0x201b8, lpString=0x29de70, nMaxCount=193 | out: lpString="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:") returned 192 [0179.181] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0xd, wParam=0xc1, lParam=0x29de70) returned 0xc0 [0179.181] GetClientRect (in: hWnd=0x201b8, lpRect=0x29e198 | out: lpRect=0x29e198) returned 1 [0179.181] GdipCreateRegion (region=0x29dd80) returned 0x0 [0179.181] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdcd0) returned 0x0 [0179.181] GdipCreateMatrix (matrix=0x29dd80) returned 0x0 [0179.181] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0179.181] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dde8) returned 0x0 [0179.181] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.181] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.181] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.181] GdipCombineRegionRegion (region=0x1bcbdcd0, region2=0x1bcbdc10, combineMode=0x1) returned 0x0 [0179.181] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.181] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.181] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.181] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.181] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de50) returned 0x0 [0179.181] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de10) returned 0x0 [0179.181] GdipGetRegionHRgn (region=0x1bcbdcd0, graphics=0x1c34abe0, hRgn=0x29de10) returned 0x0 [0179.181] GdipDeleteRegion (region=0x1bcbdcd0) returned 0x0 [0179.181] GdipGetDC (graphics=0x1c34abe0, hdc=0x29de58) returned 0x0 [0179.182] GetCurrentObject (hdc=0xa010821, type=0x1) returned 0x1b00017 [0179.182] GetCurrentObject (hdc=0xa010821, type=0x2) returned 0x1900010 [0179.182] GetCurrentObject (hdc=0xa010821, type=0x7) returned 0xe050800 [0179.182] GetCurrentObject (hdc=0xa010821, type=0x6) returned 0x18a002e [0179.182] SaveDC (hdc=0xa010821) returned 1 [0179.182] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2404083a [0179.182] GetClipRgn (hdc=0xa010821, hrgn=0x2404083a) returned 0 [0179.182] SelectClipRgn (hdc=0xa010821, hrgn=0x70040228) returned 2 [0179.182] DeleteObject (ho=0x2404083a) returned 1 [0179.182] DeleteObject (ho=0x70040228) returned 1 [0179.182] OffsetViewportOrgEx (in: hdc=0xa010821, x=0, y=0, lppt=0x2272758 | out: lppt=0x2272758) returned 1 [0179.182] GetNearestColor (hdc=0xa010821, color=0x0) returned 0x0 [0179.182] CreateSolidBrush (color=0x0) returned 0x3510081f [0179.182] FillRect (hDC=0xa010821, lprc=0x29de88, hbr=0x3510081f) returned 1 [0179.183] DeleteObject (ho=0x3510081f) returned 1 [0179.183] RestoreDC (hdc=0xa010821, nSavedDC=-1) returned 1 [0179.183] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xa010821) returned 0x0 [0179.183] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffdaa0dbd) returned 0x0 [0179.183] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.183] GetWindowTextLengthW (hWnd=0x201b8) returned 192 [0179.183] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xc0 [0179.183] GetSystemMetrics (nIndex=42) returned 0 [0179.183] GetWindowTextW (in: hWnd=0x201b8, lpString=0x29de70, nMaxCount=193 | out: lpString="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:") returned 192 [0179.183] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0xd, wParam=0xc1, lParam=0x29de70) returned 0xc0 [0179.183] GdipGetDC (graphics=0x1c34abe0, hdc=0x29dfe8) returned 0x0 [0179.183] GetCurrentObject (hdc=0xa010821, type=0x1) returned 0x1b00017 [0179.183] GetCurrentObject (hdc=0xa010821, type=0x2) returned 0x1900010 [0179.183] GetCurrentObject (hdc=0xa010821, type=0x7) returned 0xe050800 [0179.183] GetCurrentObject (hdc=0xa010821, type=0x6) returned 0x18a002e [0179.184] SaveDC (hdc=0xa010821) returned 1 [0179.184] GetNearestColor (hdc=0xa010821, color=0x8b) returned 0x8b [0179.184] RestoreDC (hdc=0xa010821, nSavedDC=-1) returned 1 [0179.184] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xa010821) returned 0x0 [0179.184] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0179.184] AdjustWindowRectEx (in: lpRect=0x29de98, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de98) returned 1 [0179.184] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29def8) returned 0x0 [0179.184] GdipGetDC (graphics=0x1c34abe0, hdc=0x29ded8) returned 0x0 [0179.184] GetCurrentObject (hdc=0xa010821, type=0x1) returned 0x1b00017 [0179.184] GetCurrentObject (hdc=0xa010821, type=0x2) returned 0x1900010 [0179.184] GetCurrentObject (hdc=0xa010821, type=0x7) returned 0xe050800 [0179.184] GetCurrentObject (hdc=0xa010821, type=0x6) returned 0x18a002e [0179.184] SaveDC (hdc=0xa010821) returned 1 [0179.184] GetTextAlign (hdc=0xa010821) returned 0x0 [0179.184] GetTextColor (hdc=0xa010821) returned 0x0 [0179.184] SetTextColor (hdc=0xa010821, color=0x8b) returned 0x0 [0179.184] GetCurrentObject (hdc=0xa010821, type=0x6) returned 0x18a002e [0179.184] GetObjectW (in: h=0x18a002e, c=92, pv=0x29da10 | out: pv=0x29da10) returned 92 [0179.184] SelectObject (hdc=0xa010821, h=0x440a01d5) returned 0x18a002e [0179.184] GetBkMode (hdc=0xa010821) returned 2 [0179.185] SetBkMode (hdc=0xa010821, mode=1) returned 2 [0179.185] DrawTextExW (in: hdc=0xa010821, lpchText="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:", cchText=192, lprc=0x29de68, format=0x100000, lpdtp=0x22734b0 | out: lpchText="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:", lprc=0x29de68) returned 80 [0179.186] RestoreDC (hdc=0xa010821, nSavedDC=-1) returned 1 [0179.186] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xa010821) returned 0x0 [0179.186] GdipGetDC (graphics=0x1c34abe0, hdc=0x29e108) returned 0x0 [0179.186] BitBlt (hdc=0xa010808, x=0, y=0, cx=675, cy=80, hdcSrc=0xa010821, x1=0, y1=0, rop=0xcc0020) returned 1 [0179.186] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xa010821) returned 0x0 [0179.186] SelectPalette (hdc=0xa010808, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0179.186] SelectObject (hdc=0xa010821, h=0x185000f) returned 0xe050800 [0179.186] DeleteDC (hdc=0xa010821) returned 1 [0179.186] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0179.186] DeleteObject (ho=0xe050800) returned 1 [0179.187] EndPaint (hWnd=0x201b8, lpPaint=0x29e0e8) returned 1 [0179.187] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.187] IsWindowUnicode (hWnd=0x201e8) returned 1 [0179.187] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.187] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.187] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.187] BeginPaint (in: hWnd=0x201e8, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0xa010808 [0179.187] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0179.188] SelectPalette (hdc=0xa010808, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0179.188] CreateCompatibleDC (hdc=0xa010808) returned 0xf010820 [0179.188] DeleteObject (ho=0x905082d) returned 1 [0179.188] GetObjectType (h=0xa010808) returned 0x3 [0179.188] CreateCompatibleBitmap (hdc=0xa010808, cx=1, cy=1) returned 0x8050835 [0179.188] GetDIBits (in: hdc=0xa010808, hbm=0x8050835, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x29dad8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29dad8) returned 1 [0179.188] GetDIBits (in: hdc=0xa010808, hbm=0x8050835, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x29dad8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29dad8) returned 1 [0179.188] DeleteObject (ho=0x8050835) returned 1 [0179.188] CreateDIBSection (in: hdc=0xa010808, lpbmi=0x29db88, usage=0x0, ppvBits=0x29e148, hSection=0x0, offset=0x0 | out: ppvBits=0x29e148) returned 0xa05082d [0179.188] SelectObject (hdc=0xf010820, h=0xa05082d) returned 0x185000f [0179.188] GdipCreateFromHDC (hdc=0xf010820, graphics=0x29e0c8) returned 0x0 [0179.189] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0179.189] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=419, height=36, combineMode=0x0) returned 0x0 [0179.189] GdipCreateMatrix (matrix=0x29e0f0) returned 0x0 [0179.189] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0179.189] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e158) returned 0x0 [0179.189] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.189] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.189] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.189] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0179.189] GdipCreateRegion (region=0x29e0f0) returned 0x0 [0179.189] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.189] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29e150) returned 0x0 [0179.189] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29e1f0) returned 0x0 [0179.189] GetWindowTextLengthW (hWnd=0x201e8) returned 102 [0179.189] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x66 [0179.189] GetSystemMetrics (nIndex=42) returned 0 [0179.189] GetWindowTextW (in: hWnd=0x201e8, lpString=0x29df20, nMaxCount=103 | out: lpString="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.") returned 102 [0179.189] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0xd, wParam=0x67, lParam=0x29df20) returned 0x66 [0179.189] GetClientRect (in: hWnd=0x201e8, lpRect=0x29e198 | out: lpRect=0x29e198) returned 1 [0179.189] GdipCreateRegion (region=0x29dd80) returned 0x0 [0179.189] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdcd0) returned 0x0 [0179.189] GdipCreateMatrix (matrix=0x29dd80) returned 0x0 [0179.189] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0179.189] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dde8) returned 0x0 [0179.189] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.189] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.189] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.189] GdipCombineRegionRegion (region=0x1bcbdcd0, region2=0x1bcbdc10, combineMode=0x1) returned 0x0 [0179.190] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.190] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.190] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.190] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.190] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de50) returned 0x0 [0179.190] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de10) returned 0x0 [0179.190] GdipGetRegionHRgn (region=0x1bcbdcd0, graphics=0x1c34abe0, hRgn=0x29de10) returned 0x0 [0179.190] GdipDeleteRegion (region=0x1bcbdcd0) returned 0x0 [0179.190] GdipGetDC (graphics=0x1c34abe0, hdc=0x29de58) returned 0x0 [0179.190] GetCurrentObject (hdc=0xf010820, type=0x1) returned 0x1b00017 [0179.190] GetCurrentObject (hdc=0xf010820, type=0x2) returned 0x1900010 [0179.190] GetCurrentObject (hdc=0xf010820, type=0x7) returned 0xa05082d [0179.190] GetCurrentObject (hdc=0xf010820, type=0x6) returned 0x18a002e [0179.190] SaveDC (hdc=0xf010820) returned 1 [0179.190] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x71040228 [0179.190] GetClipRgn (hdc=0xf010820, hrgn=0x71040228) returned 0 [0179.190] SelectClipRgn (hdc=0xf010820, hrgn=0x2604083a) returned 2 [0179.190] DeleteObject (ho=0x71040228) returned 1 [0179.190] DeleteObject (ho=0x2604083a) returned 1 [0179.190] OffsetViewportOrgEx (in: hdc=0xf010820, x=0, y=0, lppt=0x2274e88 | out: lppt=0x2274e88) returned 1 [0179.190] GetNearestColor (hdc=0xf010820, color=0xe9e7df) returned 0xe9e7df [0179.190] CreateSolidBrush (color=0xe9e7df) returned 0x3610081f [0179.190] FillRect (hDC=0xf010820, lprc=0x29de88, hbr=0x3610081f) returned 1 [0179.191] DeleteObject (ho=0x3610081f) returned 1 [0179.191] RestoreDC (hdc=0xf010820, nSavedDC=-1) returned 1 [0179.191] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xf010820) returned 0x0 [0179.191] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffda80dbd) returned 0x0 [0179.191] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.191] GetWindowTextLengthW (hWnd=0x201e8) returned 102 [0179.191] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x66 [0179.191] GetSystemMetrics (nIndex=42) returned 0 [0179.191] GetWindowTextW (in: hWnd=0x201e8, lpString=0x29df20, nMaxCount=103 | out: lpString="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.") returned 102 [0179.191] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0xd, wParam=0x67, lParam=0x29df20) returned 0x66 [0179.191] GdipGetDC (graphics=0x1c34abe0, hdc=0x29dfe8) returned 0x0 [0179.191] GetCurrentObject (hdc=0xf010820, type=0x1) returned 0x1b00017 [0179.191] GetCurrentObject (hdc=0xf010820, type=0x2) returned 0x1900010 [0179.191] GetCurrentObject (hdc=0xf010820, type=0x7) returned 0xa05082d [0179.191] GetCurrentObject (hdc=0xf010820, type=0x6) returned 0x18a002e [0179.191] SaveDC (hdc=0xf010820) returned 1 [0179.191] GetNearestColor (hdc=0xf010820, color=0x0) returned 0x0 [0179.192] RestoreDC (hdc=0xf010820, nSavedDC=-1) returned 1 [0179.192] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xf010820) returned 0x0 [0179.192] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0179.192] AdjustWindowRectEx (in: lpRect=0x29de98, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de98) returned 1 [0179.192] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29def8) returned 0x0 [0179.192] GdipGetDC (graphics=0x1c34abe0, hdc=0x29ded8) returned 0x0 [0179.192] GetCurrentObject (hdc=0xf010820, type=0x1) returned 0x1b00017 [0179.192] GetCurrentObject (hdc=0xf010820, type=0x2) returned 0x1900010 [0179.192] GetCurrentObject (hdc=0xf010820, type=0x7) returned 0xa05082d [0179.192] GetCurrentObject (hdc=0xf010820, type=0x6) returned 0x18a002e [0179.192] SaveDC (hdc=0xf010820) returned 1 [0179.192] GetTextAlign (hdc=0xf010820) returned 0x0 [0179.192] GetTextColor (hdc=0xf010820) returned 0x0 [0179.192] GetCurrentObject (hdc=0xf010820, type=0x6) returned 0x18a002e [0179.192] GetObjectW (in: h=0x18a002e, c=92, pv=0x29da10 | out: pv=0x29da10) returned 92 [0179.192] SelectObject (hdc=0xf010820, h=0x70a0811) returned 0x18a002e [0179.192] GetBkMode (hdc=0xf010820) returned 2 [0179.192] SetBkMode (hdc=0xf010820, mode=1) returned 2 [0179.192] DrawTextExW (in: hdc=0xf010820, lpchText="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.", cchText=102, lprc=0x29de68, format=0x100000, lpdtp=0x22758f8 | out: lpchText="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.", lprc=0x29de68) returned 36 [0179.194] RestoreDC (hdc=0xf010820, nSavedDC=-1) returned 1 [0179.194] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xf010820) returned 0x0 [0179.194] GdipGetDC (graphics=0x1c34abe0, hdc=0x29e108) returned 0x0 [0179.194] BitBlt (hdc=0xa010808, x=0, y=0, cx=419, cy=36, hdcSrc=0xf010820, x1=0, y1=0, rop=0xcc0020) returned 1 [0179.194] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xf010820) returned 0x0 [0179.194] SelectPalette (hdc=0xa010808, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0179.194] SelectObject (hdc=0xf010820, h=0x185000f) returned 0xa05082d [0179.194] DeleteDC (hdc=0xf010820) returned 1 [0179.194] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0179.194] EndPaint (hWnd=0x201e8, lpPaint=0x29e0e8) returned 1 [0179.195] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.195] IsWindowUnicode (hWnd=0x201e6) returned 1 [0179.195] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.195] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.195] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.195] BeginPaint (in: hWnd=0x201e6, lpPaint=0x29e1c8 | out: lpPaint=0x29e1c8) returned 0x7010804 [0179.195] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0179.195] SelectPalette (hdc=0x7010804, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0179.195] CreateCompatibleDC (hdc=0x7010804) returned 0x12010820 [0179.195] GetObjectType (h=0x7010804) returned 0x3 [0179.195] CreateCompatibleBitmap (hdc=0x7010804, cx=1, cy=1) returned 0x14050800 [0179.195] GetDIBits (in: hdc=0x7010804, hbm=0x14050800, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x29dad8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29dad8) returned 1 [0179.195] GetDIBits (in: hdc=0x7010804, hbm=0x14050800, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x29dad8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29dad8) returned 1 [0179.196] DeleteObject (ho=0x14050800) returned 1 [0179.196] CreateDIBSection (in: hdc=0x7010804, lpbmi=0x29db88, usage=0x0, ppvBits=0x29e148, hSection=0x0, offset=0x0 | out: ppvBits=0x29e148) returned 0xc050821 [0179.196] SelectObject (hdc=0x12010820, h=0xc050821) returned 0x185000f [0179.196] GdipCreateFromHDC (hdc=0x12010820, graphics=0x29e0c8) returned 0x0 [0179.196] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0179.196] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=537, height=87, combineMode=0x0) returned 0x0 [0179.196] GdipCreateMatrix (matrix=0x29e170) returned 0x0 [0179.196] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0179.197] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e1d8) returned 0x0 [0179.197] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.197] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.197] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.197] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0179.197] GdipCreateRegion (region=0x29e170) returned 0x0 [0179.197] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.197] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29e1d0) returned 0x0 [0179.197] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29e270) returned 0x0 [0179.197] GetWindowTextLengthW (hWnd=0x201e6) returned 0 [0179.197] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0179.197] GetSystemMetrics (nIndex=42) returned 0 [0179.197] GetWindowTextW (in: hWnd=0x201e6, lpString=0x29e070, nMaxCount=1 | out: lpString="") returned 0 [0179.197] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0xd, wParam=0x1, lParam=0x29e070) returned 0x0 [0179.197] GetClientRect (in: hWnd=0x201e6, lpRect=0x29e218 | out: lpRect=0x29e218) returned 1 [0179.197] GdipCreateRegion (region=0x29de00) returned 0x0 [0179.197] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdcd0) returned 0x0 [0179.197] GdipCreateMatrix (matrix=0x29de00) returned 0x0 [0179.197] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0179.197] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29de68) returned 0x0 [0179.197] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.197] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.197] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.197] GdipCombineRegionRegion (region=0x1bcbdcd0, region2=0x1bcbdc10, combineMode=0x1) returned 0x0 [0179.197] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.198] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.198] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.198] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.198] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29ded0) returned 0x0 [0179.198] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de90) returned 0x0 [0179.198] GdipGetRegionHRgn (region=0x1bcbdcd0, graphics=0x1c34abe0, hRgn=0x29de90) returned 0x0 [0179.198] GdipDeleteRegion (region=0x1bcbdcd0) returned 0x0 [0179.198] GdipGetDC (graphics=0x1c34abe0, hdc=0x29ded8) returned 0x0 [0179.198] GetCurrentObject (hdc=0x12010820, type=0x1) returned 0x1b00017 [0179.198] GetCurrentObject (hdc=0x12010820, type=0x2) returned 0x1900010 [0179.198] GetCurrentObject (hdc=0x12010820, type=0x7) returned 0xc050821 [0179.198] GetCurrentObject (hdc=0x12010820, type=0x6) returned 0x18a002e [0179.198] SaveDC (hdc=0x12010820) returned 1 [0179.198] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2704083a [0179.198] GetClipRgn (hdc=0x12010820, hrgn=0x2704083a) returned 0 [0179.198] SelectClipRgn (hdc=0x12010820, hrgn=0x73040228) returned 2 [0179.198] DeleteObject (ho=0x2704083a) returned 1 [0179.198] DeleteObject (ho=0x73040228) returned 1 [0179.198] OffsetViewportOrgEx (in: hdc=0x12010820, x=0, y=0, lppt=0x2277080 | out: lppt=0x2277080) returned 1 [0179.198] GetNearestColor (hdc=0x12010820, color=0x0) returned 0x0 [0179.198] CreateSolidBrush (color=0x0) returned 0x3710081f [0179.198] FillRect (hDC=0x12010820, lprc=0x29df08, hbr=0x3710081f) returned 1 [0179.200] DeleteObject (ho=0x3710081f) returned 1 [0179.200] RestoreDC (hdc=0x12010820, nSavedDC=-1) returned 1 [0179.200] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x12010820) returned 0x0 [0179.200] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffda60dbd) returned 0x0 [0179.200] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.200] GetWindowTextLengthW (hWnd=0x201e6) returned 0 [0179.200] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0179.200] GetSystemMetrics (nIndex=42) returned 0 [0179.200] GetWindowTextW (in: hWnd=0x201e6, lpString=0x29e070, nMaxCount=1 | out: lpString="") returned 0 [0179.200] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0xd, wParam=0x1, lParam=0x29e070) returned 0x0 [0179.201] GdipGetImageWidth (image=0x1c34a190, width=0x29e068) returned 0x0 [0179.201] GdipGetImageHeight (image=0x1c34a190, height=0x29e068) returned 0x0 [0179.203] GdipDrawImageRectI (graphics=0x1c34abe0, image=0x1c34a190, x=0, y=0, width=532, height=86) returned 0x0 [0179.208] GdipGetDC (graphics=0x1c34abe0, hdc=0x29e188) returned 0x0 [0179.208] BitBlt (hdc=0x7010804, x=0, y=0, cx=537, cy=87, hdcSrc=0x12010820, x1=0, y1=0, rop=0xcc0020) returned 1 [0179.208] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x12010820) returned 0x0 [0179.208] SelectPalette (hdc=0x7010804, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0179.208] SelectObject (hdc=0x12010820, h=0x185000f) returned 0xc050821 [0179.208] DeleteDC (hdc=0x12010820) returned 1 [0179.208] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0179.209] DeleteObject (ho=0xc050821) returned 1 [0179.210] EndPaint (hWnd=0x201e6, lpPaint=0x29e168) returned 1 [0179.210] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.210] IsWindowUnicode (hWnd=0x201ba) returned 1 [0179.210] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.210] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.210] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.210] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29e118 | out: lpPaint=0x29e118) returned 0x501080c [0179.210] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0179.210] CreateCompatibleDC (hdc=0x501080c) returned 0x17010800 [0179.210] SelectObject (hdc=0x17010800, h=0xa05082d) returned 0x185000f [0179.210] GdipCreateFromHDC (hdc=0x17010800, graphics=0x29e098) returned 0x0 [0179.210] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0179.210] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0179.210] GdipCreateMatrix (matrix=0x29e0c0) returned 0x0 [0179.210] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0179.210] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e128) returned 0x0 [0179.210] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.210] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.211] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.211] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0179.211] GdipCreateRegion (region=0x29e0c0) returned 0x0 [0179.211] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0179.211] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29e120) returned 0x0 [0179.211] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29e1c0) returned 0x0 [0179.211] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffda40dbd) returned 0x0 [0179.211] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0179.211] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29de38) returned 0x0 [0179.211] GetCurrentObject (hdc=0x17010800, type=0x1) returned 0x1b00017 [0179.211] GetCurrentObject (hdc=0x17010800, type=0x2) returned 0x1900010 [0179.211] GetCurrentObject (hdc=0x17010800, type=0x7) returned 0xa05082d [0179.211] GetCurrentObject (hdc=0x17010800, type=0x6) returned 0x18a002e [0179.211] SaveDC (hdc=0x17010800) returned 1 [0179.211] GetNearestColor (hdc=0x17010800, color=0x0) returned 0x0 [0179.211] GetNearestColor (hdc=0x17010800, color=0x0) returned 0x0 [0179.211] GetNearestColor (hdc=0x17010800, color=0x0) returned 0x0 [0179.211] GetNearestColor (hdc=0x17010800, color=0x989898) returned 0x989898 [0179.211] GetNearestColor (hdc=0x17010800, color=0x8b) returned 0x8b [0179.211] GetNearestColor (hdc=0x17010800, color=0x7f7f7f) returned 0x7f7f7f [0179.212] GetNearestColor (hdc=0x17010800, color=0x989898) returned 0x989898 [0179.212] GetNearestColor (hdc=0x17010800, color=0x0) returned 0x0 [0179.212] GetNearestColor (hdc=0x17010800, color=0x8b) returned 0x8b [0179.212] RestoreDC (hdc=0x17010800, nSavedDC=-1) returned 1 [0179.212] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x17010800) returned 0x0 [0179.212] IsAppThemed () returned 0x1 [0179.212] GetThemeAppProperties () returned 0x3 [0179.212] GetThemeAppProperties () returned 0x3 [0179.212] IsAppThemed () returned 0x1 [0179.212] GetThemeAppProperties () returned 0x3 [0179.212] GetThemeAppProperties () returned 0x3 [0179.212] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29daa8, format=0x102415, lpdtp=0x2277da8 | out: lpchText="Сopy to clipboard", lprc=0x29daa8) returned 13 [0179.212] IsAppThemed () returned 0x1 [0179.212] GetThemeAppProperties () returned 0x3 [0179.212] GetThemeAppProperties () returned 0x3 [0179.212] IsAppThemed () returned 0x1 [0179.212] GetThemeAppProperties () returned 0x3 [0179.212] GetThemeAppProperties () returned 0x3 [0179.212] IsAppThemed () returned 0x1 [0179.212] GetThemeAppProperties () returned 0x3 [0179.212] GetThemeAppProperties () returned 0x3 [0179.212] IsAppThemed () returned 0x1 [0179.212] GetThemeAppProperties () returned 0x3 [0179.212] GetThemeAppProperties () returned 0x3 [0179.213] IsThemePartDefined () returned 0x1 [0179.213] IsAppThemed () returned 0x1 [0179.213] GetThemeAppProperties () returned 0x3 [0179.213] GetThemeAppProperties () returned 0x3 [0179.213] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0179.213] IsAppThemed () returned 0x1 [0179.213] GetThemeAppProperties () returned 0x3 [0179.213] GetThemeAppProperties () returned 0x3 [0179.213] IsAppThemed () returned 0x1 [0179.213] GetThemeAppProperties () returned 0x3 [0179.213] GetThemeAppProperties () returned 0x3 [0179.213] IsThemePartDefined () returned 0x1 [0179.213] GdipCreateRegion (region=0x29dba0) returned 0x0 [0179.213] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0179.213] GdipCreateMatrix (matrix=0x29dba0) returned 0x0 [0179.213] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0179.213] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dc08) returned 0x0 [0179.213] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.213] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.213] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.213] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.213] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.213] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.213] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.213] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29dc70) returned 0x0 [0179.213] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29dc30) returned 0x0 [0179.213] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29dc30) returned 0x0 [0179.213] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0179.213] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29dc78) returned 0x0 [0179.214] GetCurrentObject (hdc=0x17010800, type=0x1) returned 0x1b00017 [0179.214] GetCurrentObject (hdc=0x17010800, type=0x2) returned 0x1900010 [0179.214] GetCurrentObject (hdc=0x17010800, type=0x7) returned 0xa05082d [0179.214] GetCurrentObject (hdc=0x17010800, type=0x6) returned 0x18a002e [0179.214] SaveDC (hdc=0x17010800) returned 1 [0179.214] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x74040228 [0179.214] GetClipRgn (hdc=0x17010800, hrgn=0x74040228) returned 0 [0179.214] SelectClipRgn (hdc=0x17010800, hrgn=0x2904083a) returned 2 [0179.214] DeleteObject (ho=0x74040228) returned 1 [0179.214] DeleteObject (ho=0x2904083a) returned 1 [0179.214] OffsetViewportOrgEx (in: hdc=0x17010800, x=0, y=0, lppt=0x2278790 | out: lppt=0x2278790) returned 1 [0179.214] DrawThemeParentBackground () returned 0x0 [0179.214] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d828 | out: lpwndpl=0x29d828) returned 1 [0179.214] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d740 | out: lpRect=0x29d740) returned 1 [0179.214] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0179.214] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0179.214] GetSystemMetrics (nIndex=42) returned 0 [0179.214] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29d460, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0179.214] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29d460) returned 0x27 [0179.214] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d528 | out: lpRect=0x29d528) returned 1 [0179.214] GetCurrentObject (hdc=0x17010800, type=0x1) returned 0x1b00017 [0179.215] GetCurrentObject (hdc=0x17010800, type=0x2) returned 0x1900010 [0179.215] GetCurrentObject (hdc=0x17010800, type=0x7) returned 0xa05082d [0179.215] GetCurrentObject (hdc=0x17010800, type=0x6) returned 0x18a002e [0179.215] SaveDC (hdc=0x17010800) returned 2 [0179.215] GetNearestColor (hdc=0x17010800, color=0x0) returned 0x0 [0179.215] CreateSolidBrush (color=0x0) returned 0x3810081f [0179.215] FillRect (hDC=0x17010800, lprc=0x29d218, hbr=0x3810081f) returned 1 [0179.215] DeleteObject (ho=0x3810081f) returned 1 [0179.215] RestoreDC (hdc=0x17010800, nSavedDC=-1) returned 1 [0179.215] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0179.215] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0179.215] GetSystemMetrics (nIndex=42) returned 0 [0179.215] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29d390, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0179.215] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29d390) returned 0x27 [0179.215] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d458 | out: lpRect=0x29d458) returned 1 [0179.215] GetCurrentObject (hdc=0x17010800, type=0x1) returned 0x1b00017 [0179.215] GetCurrentObject (hdc=0x17010800, type=0x2) returned 0x1900010 [0179.215] GetCurrentObject (hdc=0x17010800, type=0x7) returned 0xa05082d [0179.216] GetCurrentObject (hdc=0x17010800, type=0x6) returned 0x18a002e [0179.216] SaveDC (hdc=0x17010800) returned 2 [0179.216] GetNearestColor (hdc=0x17010800, color=0x0) returned 0x0 [0179.216] CreateSolidBrush (color=0x0) returned 0x3910081f [0179.216] FillRect (hDC=0x17010800, lprc=0x29d148, hbr=0x3910081f) returned 1 [0179.216] DeleteObject (ho=0x3910081f) returned 1 [0179.216] RestoreDC (hdc=0x17010800, nSavedDC=-1) returned 1 [0179.216] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0179.216] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0179.216] GetSystemMetrics (nIndex=42) returned 0 [0179.216] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29d390, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0179.216] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29d390) returned 0x27 [0179.216] RestoreDC (hdc=0x17010800, nSavedDC=-1) returned 1 [0179.216] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x17010800) returned 0x0 [0179.216] IsAppThemed () returned 0x1 [0179.216] GetThemeAppProperties () returned 0x3 [0179.216] GetThemeAppProperties () returned 0x3 [0179.216] IsAppThemed () returned 0x1 [0179.216] GetThemeAppProperties () returned 0x3 [0179.216] GetThemeAppProperties () returned 0x3 [0179.216] IsThemePartDefined () returned 0x1 [0179.216] GdipCreateRegion (region=0x29db40) returned 0x0 [0179.217] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0179.217] GdipCreateMatrix (matrix=0x29db40) returned 0x0 [0179.217] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0179.217] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29dba8) returned 0x0 [0179.217] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.217] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.217] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.217] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.217] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.217] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.217] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0179.217] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29dc10) returned 0x0 [0179.217] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29dbd0) returned 0x0 [0179.217] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29dbd0) returned 0x0 [0179.217] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0179.217] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29dc18) returned 0x0 [0179.217] GetCurrentObject (hdc=0x17010800, type=0x1) returned 0x1b00017 [0179.217] GetCurrentObject (hdc=0x17010800, type=0x2) returned 0x1900010 [0179.217] GetCurrentObject (hdc=0x17010800, type=0x7) returned 0xa05082d [0179.217] GetCurrentObject (hdc=0x17010800, type=0x6) returned 0x18a002e [0179.217] SaveDC (hdc=0x17010800) returned 1 [0179.217] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2a04083a [0179.217] GetClipRgn (hdc=0x17010800, hrgn=0x2a04083a) returned 0 [0179.217] SelectClipRgn (hdc=0x17010800, hrgn=0x76040228) returned 2 [0179.218] DeleteObject (ho=0x2a04083a) returned 1 [0179.218] DeleteObject (ho=0x76040228) returned 1 [0179.218] OffsetViewportOrgEx (in: hdc=0x17010800, x=0, y=0, lppt=0x2279898 | out: lppt=0x2279898) returned 1 [0179.218] IsAppThemed () returned 0x1 [0179.251] GetThemeAppProperties () returned 0x3 [0179.251] GetThemeAppProperties () returned 0x3 [0179.251] DrawThemeBackground () returned 0x0 [0179.251] RestoreDC (hdc=0x17010800, nSavedDC=-1) returned 1 [0179.251] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x17010800) returned 0x0 [0179.251] GdipCreateRegion (region=0x29db30) returned 0x0 [0179.251] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0179.251] GdipCreateMatrix (matrix=0x29db30) returned 0x0 [0179.251] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0179.251] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29db98) returned 0x0 [0179.252] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.252] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.252] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.252] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.252] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.252] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.252] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.252] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29dc00) returned 0x0 [0179.252] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29dbc0) returned 0x0 [0179.252] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29dbc0) returned 0x0 [0179.252] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0179.252] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29dc08) returned 0x0 [0179.252] GetCurrentObject (hdc=0x17010800, type=0x1) returned 0x1b00017 [0179.252] GetCurrentObject (hdc=0x17010800, type=0x2) returned 0x1900010 [0179.252] GetCurrentObject (hdc=0x17010800, type=0x7) returned 0xa05082d [0179.252] GetCurrentObject (hdc=0x17010800, type=0x6) returned 0x18a002e [0179.252] SaveDC (hdc=0x17010800) returned 1 [0179.252] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x77040228 [0179.252] GetClipRgn (hdc=0x17010800, hrgn=0x77040228) returned 0 [0179.252] SelectClipRgn (hdc=0x17010800, hrgn=0x2b04083a) returned 2 [0179.252] DeleteObject (ho=0x77040228) returned 1 [0179.252] DeleteObject (ho=0x2b04083a) returned 1 [0179.252] OffsetViewportOrgEx (in: hdc=0x17010800, x=0, y=0, lppt=0x2279d70 | out: lppt=0x2279d70) returned 1 [0179.253] IsAppThemed () returned 0x1 [0179.253] GetThemeAppProperties () returned 0x3 [0179.253] GetThemeAppProperties () returned 0x3 [0179.253] GetThemeBackgroundContentRect () returned 0x0 [0179.253] RestoreDC (hdc=0x17010800, nSavedDC=-1) returned 1 [0179.253] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x17010800) returned 0x0 [0179.253] IsAppThemed () returned 0x1 [0179.253] GetThemeAppProperties () returned 0x3 [0179.253] GetThemeAppProperties () returned 0x3 [0179.253] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29dde8) returned 0x0 [0179.253] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29ddc8) returned 0x0 [0179.253] GetCurrentObject (hdc=0x17010800, type=0x1) returned 0x1b00017 [0179.253] GetCurrentObject (hdc=0x17010800, type=0x2) returned 0x1900010 [0179.253] GetCurrentObject (hdc=0x17010800, type=0x7) returned 0xa05082d [0179.253] GetCurrentObject (hdc=0x17010800, type=0x6) returned 0x18a002e [0179.253] SaveDC (hdc=0x17010800) returned 1 [0179.253] GetTextAlign (hdc=0x17010800) returned 0x0 [0179.253] GetTextColor (hdc=0x17010800) returned 0x0 [0179.253] SetTextColor (hdc=0x17010800, color=0x8b) returned 0x0 [0179.253] GetCurrentObject (hdc=0x17010800, type=0x6) returned 0x18a002e [0179.253] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d900 | out: pv=0x29d900) returned 92 [0179.253] SelectObject (hdc=0x17010800, h=0x90a0819) returned 0x18a002e [0179.253] GetBkMode (hdc=0x17010800) returned 2 [0179.254] SetBkMode (hdc=0x17010800, mode=1) returned 2 [0179.254] DrawTextExW (in: hdc=0x17010800, lpchText="Сopy to clipboard", cchText=17, lprc=0x29db40, format=0x102415, lpdtp=0x227a3f8 | out: lpchText="Сopy to clipboard", lprc=0x29db40) returned 13 [0179.254] DrawTextExW (in: hdc=0x17010800, lpchText="Сopy to clipboard", cchText=17, lprc=0x29dd58, format=0x102015, lpdtp=0x227a3f8 | out: lpchText="Сopy to clipboard", lprc=0x29dd58) returned 13 [0179.254] RestoreDC (hdc=0x17010800, nSavedDC=-1) returned 1 [0179.254] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x17010800) returned 0x0 [0179.254] GetFocus () returned 0x201ba [0179.254] IsAppThemed () returned 0x1 [0179.254] GetThemeAppProperties () returned 0x3 [0179.254] GetThemeAppProperties () returned 0x3 [0179.254] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29e0d8) returned 0x0 [0179.254] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x17010800, x1=0, y1=0, rop=0xcc0020) returned 1 [0179.254] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x17010800) returned 0x0 [0179.254] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0179.254] SelectObject (hdc=0x17010800, h=0x185000f) returned 0xa05082d [0179.254] DeleteDC (hdc=0x17010800) returned 1 [0179.254] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0179.255] EndPaint (hWnd=0x201ba, lpPaint=0x29e0b8) returned 1 [0179.255] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.255] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0179.255] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0179.255] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0179.255] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902fc) returned 0x1 [0179.255] IsWindowUnicode (hWnd=0x201ba) returned 1 [0179.255] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.255] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902fc) returned 0x1 [0179.255] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0179.255] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xcc0198) returned 0x0 [0179.255] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0179.255] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0179.255] SetCursor (hCursor=0x10003) returned 0x10003 [0179.256] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.256] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.256] GetKeyState (nVirtKey=1) returned -127 [0179.256] GetKeyState (nVirtKey=2) returned 0 [0179.256] GetKeyState (nVirtKey=4) returned 0 [0179.256] GetKeyState (nVirtKey=5) returned 0 [0179.256] GetKeyState (nVirtKey=6) returned 0 [0179.256] IsWindowVisible (hWnd=0x201ba) returned 1 [0179.256] IsWindowEnabled (hWnd=0x201ba) returned 1 [0179.256] SetFocus (hWnd=0x201ba) returned 0x201ba [0179.256] GetFocus () returned 0x201ba [0179.256] GetFocus () returned 0x201ba [0179.256] GetFocus () returned 0x201ba [0179.256] GetKeyState (nVirtKey=1) returned -127 [0179.256] GetKeyState (nVirtKey=2) returned 0 [0179.256] GetKeyState (nVirtKey=4) returned 0 [0179.256] GetKeyState (nVirtKey=5) returned 0 [0179.256] GetKeyState (nVirtKey=6) returned 0 [0179.256] GetCapture () returned 0x0 [0179.256] SetCapture (hWnd=0x201ba) returned 0x0 [0179.256] GetKeyState (nVirtKey=1) returned -127 [0179.256] GetKeyState (nVirtKey=2) returned 0 [0179.256] GetKeyState (nVirtKey=4) returned 0 [0179.256] GetKeyState (nVirtKey=5) returned 0 [0179.256] GetKeyState (nVirtKey=6) returned 0 [0179.256] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0179.256] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0179.256] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.256] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.256] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.256] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0179.256] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.257] IsWindowUnicode (hWnd=0x201ba) returned 1 [0179.257] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.257] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.257] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.257] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x227a5c0, cPoints=0x1 | out: lpPoints=0x227a5c0) returned 22938228 [0179.257] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0179.257] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0179.257] UpdateWindow (hWnd=0x201ba) returned 1 [0179.257] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0179.257] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0179.257] CreateCompatibleDC (hdc=0x501080c) returned 0x18010800 [0179.257] SelectObject (hdc=0x18010800, h=0xa05082d) returned 0x185000f [0179.257] GdipCreateFromHDC (hdc=0x18010800, graphics=0x29da18) returned 0x0 [0179.257] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0179.257] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0179.257] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0179.257] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0179.257] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0179.257] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.257] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.257] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.258] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0179.258] GdipCreateRegion (region=0x29da40) returned 0x0 [0179.258] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.266] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0179.267] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0179.267] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffda20dbd) returned 0x0 [0179.267] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.267] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0179.267] GetCurrentObject (hdc=0x18010800, type=0x1) returned 0x1b00017 [0179.267] GetCurrentObject (hdc=0x18010800, type=0x2) returned 0x1900010 [0179.267] GetCurrentObject (hdc=0x18010800, type=0x7) returned 0xa05082d [0179.267] GetCurrentObject (hdc=0x18010800, type=0x6) returned 0x18a002e [0179.267] SaveDC (hdc=0x18010800) returned 1 [0179.267] GetNearestColor (hdc=0x18010800, color=0x0) returned 0x0 [0179.267] GetNearestColor (hdc=0x18010800, color=0x0) returned 0x0 [0179.267] GetNearestColor (hdc=0x18010800, color=0x0) returned 0x0 [0179.267] GetNearestColor (hdc=0x18010800, color=0x989898) returned 0x989898 [0179.267] GetNearestColor (hdc=0x18010800, color=0x8b) returned 0x8b [0179.267] GetNearestColor (hdc=0x18010800, color=0x7f7f7f) returned 0x7f7f7f [0179.267] GetNearestColor (hdc=0x18010800, color=0x989898) returned 0x989898 [0179.268] GetNearestColor (hdc=0x18010800, color=0x0) returned 0x0 [0179.268] GetNearestColor (hdc=0x18010800, color=0x8b) returned 0x8b [0179.268] RestoreDC (hdc=0x18010800, nSavedDC=-1) returned 1 [0179.268] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x18010800) returned 0x0 [0179.268] IsAppThemed () returned 0x1 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] IsAppThemed () returned 0x1 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x227b198 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0179.268] IsAppThemed () returned 0x1 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] IsAppThemed () returned 0x1 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] IsAppThemed () returned 0x1 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] IsAppThemed () returned 0x1 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] GetThemeAppProperties () returned 0x3 [0179.268] IsThemePartDefined () returned 0x1 [0179.268] IsAppThemed () returned 0x1 [0179.269] GetThemeAppProperties () returned 0x3 [0179.269] GetThemeAppProperties () returned 0x3 [0179.269] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0179.269] IsAppThemed () returned 0x1 [0179.269] GetThemeAppProperties () returned 0x3 [0179.269] GetThemeAppProperties () returned 0x3 [0179.269] IsAppThemed () returned 0x1 [0179.269] GetThemeAppProperties () returned 0x3 [0179.269] GetThemeAppProperties () returned 0x3 [0179.269] IsThemePartDefined () returned 0x1 [0179.269] GdipCreateRegion (region=0x29d520) returned 0x0 [0179.269] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.269] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0179.269] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0179.269] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0179.269] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.269] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.269] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.269] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.269] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.269] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.269] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.269] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0179.269] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0179.270] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0179.270] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.270] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0179.270] GetCurrentObject (hdc=0x18010800, type=0x1) returned 0x1b00017 [0179.270] GetCurrentObject (hdc=0x18010800, type=0x2) returned 0x1900010 [0179.270] GetCurrentObject (hdc=0x18010800, type=0x7) returned 0xa05082d [0179.270] GetCurrentObject (hdc=0x18010800, type=0x6) returned 0x18a002e [0179.270] SaveDC (hdc=0x18010800) returned 1 [0179.270] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2c04083a [0179.270] GetClipRgn (hdc=0x18010800, hrgn=0x2c04083a) returned 0 [0179.270] SelectClipRgn (hdc=0x18010800, hrgn=0x7b040228) returned 2 [0179.270] DeleteObject (ho=0x2c04083a) returned 1 [0179.270] DeleteObject (ho=0x7b040228) returned 1 [0179.270] OffsetViewportOrgEx (in: hdc=0x18010800, x=0, y=0, lppt=0x227bb80 | out: lppt=0x227bb80) returned 1 [0179.270] DrawThemeParentBackground () returned 0x0 [0179.270] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0179.270] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0179.270] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0179.270] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0179.271] GetSystemMetrics (nIndex=42) returned 0 [0179.271] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0179.271] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0179.271] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0179.271] GetCurrentObject (hdc=0x18010800, type=0x1) returned 0x1b00017 [0179.271] GetCurrentObject (hdc=0x18010800, type=0x2) returned 0x1900010 [0179.271] GetCurrentObject (hdc=0x18010800, type=0x7) returned 0xa05082d [0179.271] GetCurrentObject (hdc=0x18010800, type=0x6) returned 0x18a002e [0179.271] SaveDC (hdc=0x18010800) returned 2 [0179.271] GetNearestColor (hdc=0x18010800, color=0x0) returned 0x0 [0179.271] CreateSolidBrush (color=0x0) returned 0x3a10081f [0179.271] FillRect (hDC=0x18010800, lprc=0x29cb98, hbr=0x3a10081f) returned 1 [0179.271] DeleteObject (ho=0x3a10081f) returned 1 [0179.271] RestoreDC (hdc=0x18010800, nSavedDC=-1) returned 1 [0179.271] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0179.271] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0179.271] GetSystemMetrics (nIndex=42) returned 0 [0179.271] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0179.271] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0179.272] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0179.272] GetCurrentObject (hdc=0x18010800, type=0x1) returned 0x1b00017 [0179.272] GetCurrentObject (hdc=0x18010800, type=0x2) returned 0x1900010 [0179.272] GetCurrentObject (hdc=0x18010800, type=0x7) returned 0xa05082d [0179.272] GetCurrentObject (hdc=0x18010800, type=0x6) returned 0x18a002e [0179.272] SaveDC (hdc=0x18010800) returned 2 [0179.272] GetNearestColor (hdc=0x18010800, color=0x0) returned 0x0 [0179.272] CreateSolidBrush (color=0x0) returned 0x3b10081f [0179.272] FillRect (hDC=0x18010800, lprc=0x29cac8, hbr=0x3b10081f) returned 1 [0179.272] DeleteObject (ho=0x3b10081f) returned 1 [0179.272] RestoreDC (hdc=0x18010800, nSavedDC=-1) returned 1 [0179.272] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0179.272] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0179.272] GetSystemMetrics (nIndex=42) returned 0 [0179.272] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0179.272] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0179.272] RestoreDC (hdc=0x18010800, nSavedDC=-1) returned 1 [0179.272] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x18010800) returned 0x0 [0179.272] IsAppThemed () returned 0x1 [0179.273] GetThemeAppProperties () returned 0x3 [0179.273] GetThemeAppProperties () returned 0x3 [0179.273] IsAppThemed () returned 0x1 [0179.273] GetThemeAppProperties () returned 0x3 [0179.273] GetThemeAppProperties () returned 0x3 [0179.273] IsThemePartDefined () returned 0x1 [0179.273] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0179.273] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.273] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0179.273] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0179.273] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0179.273] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.273] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.273] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.273] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.273] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.273] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.280] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0179.280] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0179.280] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0179.280] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0179.280] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.280] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0179.280] GetCurrentObject (hdc=0x18010800, type=0x1) returned 0x1b00017 [0179.280] GetCurrentObject (hdc=0x18010800, type=0x2) returned 0x1900010 [0179.280] GetCurrentObject (hdc=0x18010800, type=0x7) returned 0xa05082d [0179.280] GetCurrentObject (hdc=0x18010800, type=0x6) returned 0x18a002e [0179.280] SaveDC (hdc=0x18010800) returned 1 [0179.280] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x7c040228 [0179.280] GetClipRgn (hdc=0x18010800, hrgn=0x7c040228) returned 0 [0179.281] SelectClipRgn (hdc=0x18010800, hrgn=0x2e04083a) returned 2 [0179.281] DeleteObject (ho=0x7c040228) returned 1 [0179.281] DeleteObject (ho=0x2e04083a) returned 1 [0179.281] OffsetViewportOrgEx (in: hdc=0x18010800, x=0, y=0, lppt=0x227cc88 | out: lppt=0x227cc88) returned 1 [0179.281] IsAppThemed () returned 0x1 [0179.281] GetThemeAppProperties () returned 0x3 [0179.281] GetThemeAppProperties () returned 0x3 [0179.281] DrawThemeBackground () returned 0x0 [0179.281] RestoreDC (hdc=0x18010800, nSavedDC=-1) returned 1 [0179.281] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x18010800) returned 0x0 [0179.281] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0179.281] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0179.281] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0179.281] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0179.281] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0179.281] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.281] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.281] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.281] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.281] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.282] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.282] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.282] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0179.282] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0179.282] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0179.282] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0179.282] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0179.282] GetCurrentObject (hdc=0x18010800, type=0x1) returned 0x1b00017 [0179.282] GetCurrentObject (hdc=0x18010800, type=0x2) returned 0x1900010 [0179.282] GetCurrentObject (hdc=0x18010800, type=0x7) returned 0xa05082d [0179.282] GetCurrentObject (hdc=0x18010800, type=0x6) returned 0x18a002e [0179.282] SaveDC (hdc=0x18010800) returned 1 [0179.282] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2f04083a [0179.282] GetClipRgn (hdc=0x18010800, hrgn=0x2f04083a) returned 0 [0179.282] SelectClipRgn (hdc=0x18010800, hrgn=0x7d040228) returned 2 [0179.282] DeleteObject (ho=0x2f04083a) returned 1 [0179.282] DeleteObject (ho=0x7d040228) returned 1 [0179.282] OffsetViewportOrgEx (in: hdc=0x18010800, x=0, y=0, lppt=0x227d160 | out: lppt=0x227d160) returned 1 [0179.282] IsAppThemed () returned 0x1 [0179.283] GetThemeAppProperties () returned 0x3 [0179.283] GetThemeAppProperties () returned 0x3 [0179.283] GetThemeBackgroundContentRect () returned 0x0 [0179.283] RestoreDC (hdc=0x18010800, nSavedDC=-1) returned 1 [0179.283] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x18010800) returned 0x0 [0179.283] IsAppThemed () returned 0x1 [0179.283] GetThemeAppProperties () returned 0x3 [0179.283] GetThemeAppProperties () returned 0x3 [0179.283] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0179.283] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0179.283] GetCurrentObject (hdc=0x18010800, type=0x1) returned 0x1b00017 [0179.283] GetCurrentObject (hdc=0x18010800, type=0x2) returned 0x1900010 [0179.283] GetCurrentObject (hdc=0x18010800, type=0x7) returned 0xa05082d [0179.283] GetCurrentObject (hdc=0x18010800, type=0x6) returned 0x18a002e [0179.283] SaveDC (hdc=0x18010800) returned 1 [0179.283] GetTextAlign (hdc=0x18010800) returned 0x0 [0179.283] GetTextColor (hdc=0x18010800) returned 0x0 [0179.283] SetTextColor (hdc=0x18010800, color=0x8b) returned 0x0 [0179.283] GetCurrentObject (hdc=0x18010800, type=0x6) returned 0x18a002e [0179.283] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0179.283] SelectObject (hdc=0x18010800, h=0x90a0819) returned 0x18a002e [0179.284] GetBkMode (hdc=0x18010800) returned 2 [0179.284] SetBkMode (hdc=0x18010800, mode=1) returned 2 [0179.284] DrawTextExW (in: hdc=0x18010800, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x227d7e8 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0179.284] DrawTextExW (in: hdc=0x18010800, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x227d7e8 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0179.284] RestoreDC (hdc=0x18010800, nSavedDC=-1) returned 1 [0179.284] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x18010800) returned 0x0 [0179.284] GetFocus () returned 0x201ba [0179.284] IsAppThemed () returned 0x1 [0179.284] GetThemeAppProperties () returned 0x3 [0179.284] GetThemeAppProperties () returned 0x3 [0179.284] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0179.284] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x18010800, x1=0, y1=0, rop=0xcc0020) returned 1 [0179.284] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x18010800) returned 0x0 [0179.285] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0179.285] SelectObject (hdc=0x18010800, h=0x185000f) returned 0xa05082d [0179.285] DeleteDC (hdc=0x18010800) returned 1 [0179.285] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0179.285] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0179.285] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x227d950, cPoints=0x1 | out: lpPoints=0x227d950) returned 22938228 [0179.285] WindowFromPoint (Point=0x179000002fc) returned 0x201ba [0179.285] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902fc) returned 0x1 [0179.285] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0179.285] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0179.285] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0179.285] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0179.285] GetSystemMetrics (nIndex=42) returned 0 [0179.285] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9ad1c0 [0179.285] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9ad1c0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0179.285] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9ad1c0) returned 0x158 [0179.285] CoTaskMemFree (pv=0x1a9ad1c0) [0179.286] OleSetClipboard (pDataObj=0x2dfc28) returned 0x0 [0179.295] OleFlushClipboard () returned 0x0 [0179.295] GlobalReAlloc (hMem=0x1bee00c8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00c8 [0179.295] GlobalLock (hMem=0x1bee00c8) returned 0x1a9acee0 [0179.295] RtlMoveMemory (in: Destination=0x1a9acee0, Source=0x227e838, Length=0x2b0 | out: Destination=0x1a9acee0) [0179.295] GlobalUnlock (hMem=0x1bee00c8) returned 0 [0179.295] GetCapture () returned 0x201ba [0179.296] ReleaseCapture () returned 1 [0179.296] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0179.296] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.296] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902fc) returned 0x1 [0179.296] IsWindowUnicode (hWnd=0x201ba) returned 1 [0179.296] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.296] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17902fc) returned 0x1 [0179.296] SetCursor (hCursor=0x10003) returned 0x10003 [0179.296] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.296] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.296] GetKeyState (nVirtKey=1) returned 1 [0179.296] GetKeyState (nVirtKey=2) returned 0 [0179.296] GetKeyState (nVirtKey=4) returned 0 [0179.296] GetKeyState (nVirtKey=5) returned 0 [0179.296] GetKeyState (nVirtKey=6) returned 0 [0179.296] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.296] IsWindowUnicode (hWnd=0x201bc) returned 1 [0179.296] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.296] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.296] DispatchMessageW (lpMsg=0x29ea50) returned 0x1 [0179.296] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0179.297] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0179.297] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x14, wParam=0x501080c, lParam=0x0) returned 0x1 [0179.297] SetTextColor (hdc=0x1a010825, color=0xa5ff) returned 0x0 [0179.297] SetBkColor (hdc=0x1a010825, color=0x0) returned 0xffffff [0179.298] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.298] IsWindowUnicode (hWnd=0x401da) returned 1 [0179.298] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.298] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.298] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.298] BeginPaint (in: hWnd=0x401da, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0x7010804 [0179.298] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0179.298] SelectPalette (hdc=0x7010804, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0179.298] CreateCompatibleDC (hdc=0x7010804) returned 0x1d010800 [0179.298] GetObjectType (h=0x7010804) returned 0x3 [0179.298] CreateCompatibleBitmap (hdc=0x7010804, cx=1, cy=1) returned 0x17050821 [0179.299] GetDIBits (in: hdc=0x7010804, hbm=0x17050821, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x29da58, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29da58) returned 1 [0179.299] GetDIBits (in: hdc=0x7010804, hbm=0x17050821, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x29da58, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29da58) returned 1 [0179.299] DeleteObject (ho=0x17050821) returned 1 [0179.299] CreateDIBSection (in: hdc=0x7010804, lpbmi=0x29db08, usage=0x0, ppvBits=0x29e0c8, hSection=0x0, offset=0x0 | out: ppvBits=0x29e0c8) returned 0x17050820 [0179.299] SelectObject (hdc=0x1d010800, h=0x17050820) returned 0x185000f [0179.299] GdipCreateFromHDC (hdc=0x1d010800, graphics=0x29e048) returned 0x0 [0179.299] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0179.299] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=297, height=73, combineMode=0x0) returned 0x0 [0179.299] GdipCreateMatrix (matrix=0x29e0f0) returned 0x0 [0179.299] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0179.299] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e158) returned 0x0 [0179.299] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.299] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0179.300] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.300] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0179.300] GdipCreateRegion (region=0x29e0f0) returned 0x0 [0179.300] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0179.300] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29e150) returned 0x0 [0179.300] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29e1f0) returned 0x0 [0179.300] GetWindowTextLengthW (hWnd=0x401da) returned 8 [0179.300] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8 [0179.300] GetSystemMetrics (nIndex=42) returned 0 [0179.300] GetWindowTextW (in: hWnd=0x401da, lpString=0x29dfe0, nMaxCount=9 | out: lpString="BlackHat") returned 8 [0179.300] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0xd, wParam=0x9, lParam=0x29dfe0) returned 0x8 [0179.300] GetClientRect (in: hWnd=0x401da, lpRect=0x29e198 | out: lpRect=0x29e198) returned 1 [0179.300] GdipCreateRegion (region=0x29dd80) returned 0x0 [0179.300] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ad30) returned 0x0 [0179.300] GdipCreateMatrix (matrix=0x29dd80) returned 0x0 [0179.300] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0179.300] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dde8) returned 0x0 [0179.300] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.300] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.300] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.301] GdipCombineRegionRegion (region=0x1c34ad30, region2=0x1c34ac70, combineMode=0x1) returned 0x0 [0179.301] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0179.301] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0179.301] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0179.301] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0179.301] GdipIsInfiniteRegion (region=0x1c34ad30, graphics=0x1bcbdb80, result=0x29de50) returned 0x0 [0179.301] GdipIsInfiniteRegion (region=0x1c34ad30, graphics=0x1bcbdb80, result=0x29de10) returned 0x0 [0179.301] GdipGetRegionHRgn (region=0x1c34ad30, graphics=0x1bcbdb80, hRgn=0x29de10) returned 0x0 [0179.301] GdipDeleteRegion (region=0x1c34ad30) returned 0x0 [0179.301] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29de58) returned 0x0 [0179.301] GetCurrentObject (hdc=0x1d010800, type=0x1) returned 0x1b00017 [0179.301] GetCurrentObject (hdc=0x1d010800, type=0x2) returned 0x1900010 [0179.301] GetCurrentObject (hdc=0x1d010800, type=0x7) returned 0x17050820 [0179.301] GetCurrentObject (hdc=0x1d010800, type=0x6) returned 0x18a002e [0179.301] SaveDC (hdc=0x1d010800) returned 1 [0179.301] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x31040812 [0179.301] GetClipRgn (hdc=0x1d010800, hrgn=0x31040812) returned 0 [0179.301] SelectClipRgn (hdc=0x1d010800, hrgn=0x7f040228) returned 2 [0179.301] DeleteObject (ho=0x31040812) returned 1 [0179.302] DeleteObject (ho=0x7f040228) returned 1 [0179.302] OffsetViewportOrgEx (in: hdc=0x1d010800, x=0, y=0, lppt=0x22802e0 | out: lppt=0x22802e0) returned 1 [0179.302] GetNearestColor (hdc=0x1d010800, color=0x0) returned 0x0 [0179.302] CreateSolidBrush (color=0x0) returned 0x3c10081f [0179.302] FillRect (hDC=0x1d010800, lprc=0x29de88, hbr=0x3c10081f) returned 1 [0179.302] DeleteObject (ho=0x3c10081f) returned 1 [0179.302] RestoreDC (hdc=0x1d010800, nSavedDC=-1) returned 1 [0179.302] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010800) returned 0x0 [0179.303] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffda00dbd) returned 0x0 [0179.303] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0179.303] GetWindowTextLengthW (hWnd=0x401da) returned 8 [0179.303] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8 [0179.303] GetSystemMetrics (nIndex=42) returned 0 [0179.303] GetWindowTextW (in: hWnd=0x401da, lpString=0x29dfe0, nMaxCount=9 | out: lpString="BlackHat") returned 8 [0179.303] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0xd, wParam=0x9, lParam=0x29dfe0) returned 0x8 [0179.303] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29dfe8) returned 0x0 [0179.303] GetCurrentObject (hdc=0x1d010800, type=0x1) returned 0x1b00017 [0179.303] GetCurrentObject (hdc=0x1d010800, type=0x2) returned 0x1900010 [0179.303] GetCurrentObject (hdc=0x1d010800, type=0x7) returned 0x17050820 [0179.303] GetCurrentObject (hdc=0x1d010800, type=0x6) returned 0x18a002e [0179.303] SaveDC (hdc=0x1d010800) returned 1 [0179.303] GetNearestColor (hdc=0x1d010800, color=0x8b) returned 0x8b [0179.303] RestoreDC (hdc=0x1d010800, nSavedDC=-1) returned 1 [0179.303] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010800) returned 0x0 [0179.304] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0179.304] AdjustWindowRectEx (in: lpRect=0x29de98, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de98) returned 1 [0179.304] SystemParametersInfoW (in: uiAction=0x100a, uiParam=0x0, pvParam=0x29dee8, fWinIni=0x0 | out: pvParam=0x29dee8) returned 1 [0179.304] SendMessageW (hWnd=0x501ac, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0 [0179.304] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0 [0179.304] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29def8) returned 0x0 [0179.304] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29ded8) returned 0x0 [0179.304] GetCurrentObject (hdc=0x1d010800, type=0x1) returned 0x1b00017 [0179.304] GetCurrentObject (hdc=0x1d010800, type=0x2) returned 0x1900010 [0179.304] GetCurrentObject (hdc=0x1d010800, type=0x7) returned 0x17050820 [0179.304] GetCurrentObject (hdc=0x1d010800, type=0x6) returned 0x18a002e [0179.304] SaveDC (hdc=0x1d010800) returned 1 [0179.304] GetTextAlign (hdc=0x1d010800) returned 0x0 [0179.304] GetTextColor (hdc=0x1d010800) returned 0x0 [0179.305] SetTextColor (hdc=0x1d010800, color=0x8b) returned 0x0 [0179.305] GetCurrentObject (hdc=0x1d010800, type=0x6) returned 0x18a002e [0179.305] GetObjectW (in: h=0x18a002e, c=92, pv=0x29da10 | out: pv=0x29da10) returned 92 [0179.305] SelectObject (hdc=0x1d010800, h=0x90a0809) returned 0x18a002e [0179.305] GetBkMode (hdc=0x1d010800) returned 2 [0179.305] SetBkMode (hdc=0x1d010800, mode=1) returned 2 [0179.305] DrawTextExW (in: hdc=0x1d010800, lpchText="BlackHat", cchText=8, lprc=0x29de68, format=0x100001, lpdtp=0x2280be8 | out: lpchText="BlackHat", lprc=0x29de68) returned 73 [0179.306] RestoreDC (hdc=0x1d010800, nSavedDC=-1) returned 1 [0179.306] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010800) returned 0x0 [0179.306] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29e108) returned 0x0 [0179.306] BitBlt (hdc=0x7010804, x=0, y=0, cx=297, cy=73, hdcSrc=0x1d010800, x1=0, y1=0, rop=0xcc0020) returned 1 [0179.307] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010800) returned 0x0 [0179.307] SelectPalette (hdc=0x7010804, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0179.307] SelectObject (hdc=0x1d010800, h=0x185000f) returned 0x17050820 [0179.307] DeleteDC (hdc=0x1d010800) returned 1 [0179.307] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0179.307] DeleteObject (ho=0x17050820) returned 1 [0179.307] EndPaint (hWnd=0x401da, lpPaint=0x29e0e8) returned 1 [0179.307] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.308] IsWindowUnicode (hWnd=0x201e4) returned 1 [0179.308] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.308] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.308] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.308] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.308] IsWindowUnicode (hWnd=0x201e2) returned 1 [0179.308] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.308] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.308] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.308] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0179.308] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0179.308] WaitMessage () returned 1 [0179.353] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.353] IsWindowUnicode (hWnd=0x201ba) returned 1 [0179.353] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.353] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.353] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.353] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.353] IsWindowUnicode (hWnd=0x201ba) returned 1 [0179.353] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0179.353] TranslateMessage (lpMsg=0x29ea50) returned 0 [0179.353] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0179.353] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x2a1, wParam=0x0, lParam=0x1b0088) returned 0x0 [0179.353] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0179.353] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0179.353] WaitMessage () returned 1 [0180.576] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0180.576] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0180.660] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0180.660] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0180.660] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0180.660] WaitMessage () returned 1 [0182.834] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0182.834] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f0304) returned 0x1 [0182.834] IsWindowUnicode (hWnd=0x201ba) returned 1 [0182.834] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0182.834] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f0304) returned 0x1 [0182.835] SetCursor (hCursor=0x10003) returned 0x10003 [0182.835] TranslateMessage (lpMsg=0x29ea50) returned 0 [0182.835] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0182.835] GetKeyState (nVirtKey=1) returned 1 [0182.835] GetKeyState (nVirtKey=2) returned 0 [0182.835] GetKeyState (nVirtKey=4) returned 0 [0182.835] GetKeyState (nVirtKey=5) returned 0 [0182.835] GetKeyState (nVirtKey=6) returned 0 [0182.835] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0182.835] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f0304) returned 0x1 [0182.835] IsWindowUnicode (hWnd=0x201ba) returned 1 [0182.835] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0182.835] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f0304) returned 0x1 [0182.835] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0182.835] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xd201a0) returned 0x0 [0182.835] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0182.835] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0182.835] SetCursor (hCursor=0x10003) returned 0x10003 [0182.835] TranslateMessage (lpMsg=0x29ea50) returned 0 [0182.835] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0182.835] GetKeyState (nVirtKey=1) returned -128 [0182.835] GetKeyState (nVirtKey=2) returned 0 [0182.836] GetKeyState (nVirtKey=4) returned 0 [0182.836] GetKeyState (nVirtKey=5) returned 0 [0182.836] GetKeyState (nVirtKey=6) returned 0 [0182.836] IsWindowVisible (hWnd=0x201ba) returned 1 [0182.836] IsWindowEnabled (hWnd=0x201ba) returned 1 [0182.836] SetFocus (hWnd=0x201ba) returned 0x201ba [0182.836] GetFocus () returned 0x201ba [0182.836] GetFocus () returned 0x201ba [0182.836] GetFocus () returned 0x201ba [0182.836] GetKeyState (nVirtKey=1) returned -128 [0182.836] GetKeyState (nVirtKey=2) returned 0 [0182.836] GetKeyState (nVirtKey=4) returned 0 [0182.836] GetKeyState (nVirtKey=5) returned 0 [0182.836] GetKeyState (nVirtKey=6) returned 0 [0182.836] GetCapture () returned 0x0 [0182.836] SetCapture (hWnd=0x201ba) returned 0x0 [0182.836] GetKeyState (nVirtKey=1) returned -128 [0182.836] GetKeyState (nVirtKey=2) returned 0 [0182.836] GetKeyState (nVirtKey=4) returned 0 [0182.836] GetKeyState (nVirtKey=5) returned 0 [0182.836] GetKeyState (nVirtKey=6) returned 0 [0182.836] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0182.836] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0182.836] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0182.836] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0182.836] TranslateMessage (lpMsg=0x29ea50) returned 0 [0182.836] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0182.836] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0182.836] IsWindowUnicode (hWnd=0x201ba) returned 1 [0182.836] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0182.836] TranslateMessage (lpMsg=0x29ea50) returned 0 [0182.836] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0182.836] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x2280d98, cPoints=0x1 | out: lpPoints=0x2280d98) returned 22938228 [0182.836] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0182.837] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0182.837] UpdateWindow (hWnd=0x201ba) returned 1 [0182.837] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0182.837] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0182.837] CreateCompatibleDC (hdc=0x501080c) returned 0x1a010821 [0182.837] SelectObject (hdc=0x1a010821, h=0xa05082d) returned 0x185000f [0182.837] GdipCreateFromHDC (hdc=0x1a010821, graphics=0x29da18) returned 0x0 [0182.837] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0182.837] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0182.837] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0182.837] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0182.837] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0182.837] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0182.837] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0182.837] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0182.837] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0182.837] GdipCreateRegion (region=0x29da40) returned 0x0 [0182.837] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0182.837] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0182.837] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0182.837] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd9e0dbd) returned 0x0 [0182.838] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0182.838] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0182.838] GetCurrentObject (hdc=0x1a010821, type=0x1) returned 0x1b00017 [0182.838] GetCurrentObject (hdc=0x1a010821, type=0x2) returned 0x1900010 [0182.838] GetCurrentObject (hdc=0x1a010821, type=0x7) returned 0xa05082d [0182.868] GetCurrentObject (hdc=0x1a010821, type=0x6) returned 0x18a002e [0182.965] SaveDC (hdc=0x1a010821) returned 1 [0182.965] GetNearestColor (hdc=0x1a010821, color=0x0) returned 0x0 [0182.965] GetNearestColor (hdc=0x1a010821, color=0x0) returned 0x0 [0182.965] GetNearestColor (hdc=0x1a010821, color=0x0) returned 0x0 [0182.966] GetNearestColor (hdc=0x1a010821, color=0x989898) returned 0x989898 [0182.966] GetNearestColor (hdc=0x1a010821, color=0x8b) returned 0x8b [0182.966] GetNearestColor (hdc=0x1a010821, color=0x7f7f7f) returned 0x7f7f7f [0182.966] GetNearestColor (hdc=0x1a010821, color=0x989898) returned 0x989898 [0182.966] GetNearestColor (hdc=0x1a010821, color=0x0) returned 0x0 [0182.966] GetNearestColor (hdc=0x1a010821, color=0x8b) returned 0x8b [0182.966] RestoreDC (hdc=0x1a010821, nSavedDC=-1) returned 1 [0182.966] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1a010821) returned 0x0 [0182.966] IsAppThemed () returned 0x1 [0182.966] GetThemeAppProperties () returned 0x3 [0182.966] GetThemeAppProperties () returned 0x3 [0182.966] IsAppThemed () returned 0x1 [0182.966] GetThemeAppProperties () returned 0x3 [0182.966] GetThemeAppProperties () returned 0x3 [0182.966] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x2281970 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0183.038] IsAppThemed () returned 0x1 [0183.038] GetThemeAppProperties () returned 0x3 [0183.038] GetThemeAppProperties () returned 0x3 [0183.038] IsAppThemed () returned 0x1 [0183.038] GetThemeAppProperties () returned 0x3 [0183.038] GetThemeAppProperties () returned 0x3 [0183.038] IsAppThemed () returned 0x1 [0183.038] GetThemeAppProperties () returned 0x3 [0183.038] GetThemeAppProperties () returned 0x3 [0183.038] IsAppThemed () returned 0x1 [0183.038] GetThemeAppProperties () returned 0x3 [0183.039] GetThemeAppProperties () returned 0x3 [0183.039] IsThemePartDefined () returned 0x1 [0183.039] IsAppThemed () returned 0x1 [0183.039] GetThemeAppProperties () returned 0x3 [0183.039] GetThemeAppProperties () returned 0x3 [0183.039] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0183.039] IsAppThemed () returned 0x1 [0183.039] GetThemeAppProperties () returned 0x3 [0183.039] GetThemeAppProperties () returned 0x3 [0183.039] IsAppThemed () returned 0x1 [0183.039] GetThemeAppProperties () returned 0x3 [0183.039] GetThemeAppProperties () returned 0x3 [0183.039] IsThemePartDefined () returned 0x1 [0183.039] GdipCreateRegion (region=0x29d520) returned 0x0 [0183.039] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0183.039] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0183.039] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0183.039] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0183.039] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0183.039] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0183.039] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0183.039] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0183.039] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0183.039] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0183.039] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0183.039] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0183.039] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0183.039] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0183.039] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0183.040] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0183.040] GetCurrentObject (hdc=0x1a010821, type=0x1) returned 0x1b00017 [0183.040] GetCurrentObject (hdc=0x1a010821, type=0x2) returned 0x1900010 [0183.040] GetCurrentObject (hdc=0x1a010821, type=0x7) returned 0xa05082d [0183.040] GetCurrentObject (hdc=0x1a010821, type=0x6) returned 0x18a002e [0183.040] SaveDC (hdc=0x1a010821) returned 1 [0183.040] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff80040228 [0183.040] GetClipRgn (hdc=0x1a010821, hrgn=0xffffffff80040228) returned 0 [0183.040] SelectClipRgn (hdc=0x1a010821, hrgn=0x34040812) returned 2 [0183.040] DeleteObject (ho=0xffffffff80040228) returned 1 [0183.040] DeleteObject (ho=0x34040812) returned 1 [0183.040] OffsetViewportOrgEx (in: hdc=0x1a010821, x=0, y=0, lppt=0x2282358 | out: lppt=0x2282358) returned 1 [0183.040] DrawThemeParentBackground () returned 0x0 [0183.040] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0183.040] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0183.040] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0183.040] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0183.040] GetSystemMetrics (nIndex=42) returned 0 [0183.040] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0183.040] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0183.040] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0183.041] GetCurrentObject (hdc=0x1a010821, type=0x1) returned 0x1b00017 [0183.041] GetCurrentObject (hdc=0x1a010821, type=0x2) returned 0x1900010 [0183.041] GetCurrentObject (hdc=0x1a010821, type=0x7) returned 0xa05082d [0183.041] GetCurrentObject (hdc=0x1a010821, type=0x6) returned 0x18a002e [0183.041] SaveDC (hdc=0x1a010821) returned 2 [0183.041] GetNearestColor (hdc=0x1a010821, color=0x0) returned 0x0 [0183.041] CreateSolidBrush (color=0x0) returned 0x3d10081f [0183.041] FillRect (hDC=0x1a010821, lprc=0x29cb98, hbr=0x3d10081f) returned 1 [0183.041] DeleteObject (ho=0x3d10081f) returned 1 [0183.041] RestoreDC (hdc=0x1a010821, nSavedDC=-1) returned 1 [0183.041] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0183.041] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0183.041] GetSystemMetrics (nIndex=42) returned 0 [0183.041] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0183.041] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0183.041] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0183.041] GetCurrentObject (hdc=0x1a010821, type=0x1) returned 0x1b00017 [0183.041] GetCurrentObject (hdc=0x1a010821, type=0x2) returned 0x1900010 [0183.041] GetCurrentObject (hdc=0x1a010821, type=0x7) returned 0xa05082d [0183.041] GetCurrentObject (hdc=0x1a010821, type=0x6) returned 0x18a002e [0183.041] SaveDC (hdc=0x1a010821) returned 2 [0183.042] GetNearestColor (hdc=0x1a010821, color=0x0) returned 0x0 [0183.042] CreateSolidBrush (color=0x0) returned 0x3e10081f [0183.042] FillRect (hDC=0x1a010821, lprc=0x29cac8, hbr=0x3e10081f) returned 1 [0183.042] DeleteObject (ho=0x3e10081f) returned 1 [0183.042] RestoreDC (hdc=0x1a010821, nSavedDC=-1) returned 1 [0183.042] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0183.042] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0183.042] GetSystemMetrics (nIndex=42) returned 0 [0183.042] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0183.042] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0183.042] RestoreDC (hdc=0x1a010821, nSavedDC=-1) returned 1 [0183.042] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1a010821) returned 0x0 [0183.042] IsAppThemed () returned 0x1 [0183.042] GetThemeAppProperties () returned 0x3 [0183.042] GetThemeAppProperties () returned 0x3 [0183.042] IsAppThemed () returned 0x1 [0183.042] GetThemeAppProperties () returned 0x3 [0183.042] GetThemeAppProperties () returned 0x3 [0183.042] IsThemePartDefined () returned 0x1 [0183.042] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0183.042] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0183.042] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0183.042] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0183.042] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0183.043] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0183.043] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0183.043] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0183.043] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0183.043] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0183.043] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0183.043] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0183.043] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0183.043] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0183.043] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0183.043] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0183.043] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0183.043] GetCurrentObject (hdc=0x1a010821, type=0x1) returned 0x1b00017 [0183.043] GetCurrentObject (hdc=0x1a010821, type=0x2) returned 0x1900010 [0183.043] GetCurrentObject (hdc=0x1a010821, type=0x7) returned 0xa05082d [0183.043] GetCurrentObject (hdc=0x1a010821, type=0x6) returned 0x18a002e [0183.043] SaveDC (hdc=0x1a010821) returned 1 [0183.043] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x35040812 [0183.043] GetClipRgn (hdc=0x1a010821, hrgn=0x35040812) returned 0 [0183.043] SelectClipRgn (hdc=0x1a010821, hrgn=0xffffffff82040228) returned 2 [0183.043] DeleteObject (ho=0x35040812) returned 1 [0183.043] DeleteObject (ho=0xffffffff82040228) returned 1 [0183.043] OffsetViewportOrgEx (in: hdc=0x1a010821, x=0, y=0, lppt=0x2283460 | out: lppt=0x2283460) returned 1 [0183.044] IsAppThemed () returned 0x1 [0183.044] GetThemeAppProperties () returned 0x3 [0183.044] GetThemeAppProperties () returned 0x3 [0183.044] DrawThemeBackground () returned 0x0 [0183.044] RestoreDC (hdc=0x1a010821, nSavedDC=-1) returned 1 [0183.044] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1a010821) returned 0x0 [0183.044] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0183.044] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0183.044] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0183.044] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0183.044] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0183.044] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0183.044] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0183.044] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0183.044] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0183.044] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0183.044] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0183.044] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0183.044] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0183.044] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0183.044] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0183.044] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0183.044] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0183.044] GetCurrentObject (hdc=0x1a010821, type=0x1) returned 0x1b00017 [0183.044] GetCurrentObject (hdc=0x1a010821, type=0x2) returned 0x1900010 [0183.045] GetCurrentObject (hdc=0x1a010821, type=0x7) returned 0xa05082d [0183.045] GetCurrentObject (hdc=0x1a010821, type=0x6) returned 0x18a002e [0183.045] SaveDC (hdc=0x1a010821) returned 1 [0183.045] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff83040228 [0183.045] GetClipRgn (hdc=0x1a010821, hrgn=0xffffffff83040228) returned 0 [0183.045] SelectClipRgn (hdc=0x1a010821, hrgn=0x36040812) returned 2 [0183.045] DeleteObject (ho=0xffffffff83040228) returned 1 [0183.045] DeleteObject (ho=0x36040812) returned 1 [0183.045] OffsetViewportOrgEx (in: hdc=0x1a010821, x=0, y=0, lppt=0x2283938 | out: lppt=0x2283938) returned 1 [0183.045] IsAppThemed () returned 0x1 [0183.045] GetThemeAppProperties () returned 0x3 [0183.045] GetThemeAppProperties () returned 0x3 [0183.045] GetThemeBackgroundContentRect () returned 0x0 [0183.045] RestoreDC (hdc=0x1a010821, nSavedDC=-1) returned 1 [0183.045] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1a010821) returned 0x0 [0183.045] IsAppThemed () returned 0x1 [0183.045] GetThemeAppProperties () returned 0x3 [0183.045] GetThemeAppProperties () returned 0x3 [0183.045] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0183.045] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0183.045] GetCurrentObject (hdc=0x1a010821, type=0x1) returned 0x1b00017 [0183.045] GetCurrentObject (hdc=0x1a010821, type=0x2) returned 0x1900010 [0183.045] GetCurrentObject (hdc=0x1a010821, type=0x7) returned 0xa05082d [0183.045] GetCurrentObject (hdc=0x1a010821, type=0x6) returned 0x18a002e [0183.045] SaveDC (hdc=0x1a010821) returned 1 [0183.046] GetTextAlign (hdc=0x1a010821) returned 0x0 [0183.046] GetTextColor (hdc=0x1a010821) returned 0x0 [0183.046] SetTextColor (hdc=0x1a010821, color=0x8b) returned 0x0 [0183.046] GetCurrentObject (hdc=0x1a010821, type=0x6) returned 0x18a002e [0183.046] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0183.046] SelectObject (hdc=0x1a010821, h=0x90a0819) returned 0x18a002e [0183.046] GetBkMode (hdc=0x1a010821) returned 2 [0183.046] SetBkMode (hdc=0x1a010821, mode=1) returned 2 [0183.046] DrawTextExW (in: hdc=0x1a010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x2283fc0 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0183.046] DrawTextExW (in: hdc=0x1a010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x2283fc0 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0183.046] RestoreDC (hdc=0x1a010821, nSavedDC=-1) returned 1 [0183.046] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1a010821) returned 0x0 [0183.046] GetFocus () returned 0x201ba [0183.046] IsAppThemed () returned 0x1 [0183.046] GetThemeAppProperties () returned 0x3 [0183.046] GetThemeAppProperties () returned 0x3 [0183.046] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0183.046] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x1a010821, x1=0, y1=0, rop=0xcc0020) returned 1 [0183.046] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1a010821) returned 0x0 [0183.047] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0183.047] SelectObject (hdc=0x1a010821, h=0x185000f) returned 0xa05082d [0183.047] DeleteDC (hdc=0x1a010821) returned 1 [0183.047] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0183.047] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0183.047] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x2284128, cPoints=0x1 | out: lpPoints=0x2284128) returned 22938228 [0183.047] WindowFromPoint (Point=0x17f00000304) returned 0x201ba [0183.047] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f0304) returned 0x1 [0183.047] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0183.047] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0183.047] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0183.047] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0183.047] GetSystemMetrics (nIndex=42) returned 0 [0183.047] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9ad1c0 [0183.047] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9ad1c0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0183.047] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9ad1c0) returned 0x158 [0183.047] CoTaskMemFree (pv=0x1a9ad1c0) [0183.048] OleSetClipboard (pDataObj=0x2dfb28) returned 0x0 [0183.058] OleFlushClipboard () returned 0x0 [0183.058] GlobalReAlloc (hMem=0x1bee00d8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00d8 [0183.058] GlobalLock (hMem=0x1bee00d8) returned 0x1a9ad6e0 [0183.058] RtlMoveMemory (in: Destination=0x1a9ad6e0, Source=0x2285010, Length=0x2b0 | out: Destination=0x1a9ad6e0) [0183.058] GlobalUnlock (hMem=0x1bee00d8) returned 0 [0183.059] GetCapture () returned 0x201ba [0183.059] ReleaseCapture () returned 1 [0183.059] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0183.059] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0183.059] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f0304) returned 0x1 [0183.059] IsWindowUnicode (hWnd=0x201ba) returned 1 [0183.060] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0183.060] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17f0304) returned 0x1 [0183.060] SetCursor (hCursor=0x10003) returned 0x10003 [0183.060] TranslateMessage (lpMsg=0x29ea50) returned 0 [0183.060] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0183.060] GetKeyState (nVirtKey=1) returned 0 [0183.060] GetKeyState (nVirtKey=2) returned 0 [0183.060] GetKeyState (nVirtKey=4) returned 0 [0183.060] GetKeyState (nVirtKey=5) returned 0 [0183.060] GetKeyState (nVirtKey=6) returned 0 [0183.060] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0183.060] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0183.060] WaitMessage () returned 1 [0183.061] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0183.061] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0183.061] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0183.061] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0183.061] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0183.061] WaitMessage () returned 1 [0184.584] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0184.584] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0184.585] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0184.585] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0184.585] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0184.585] WaitMessage () returned 1 [0185.188] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0185.189] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17d02b0) returned 0x1 [0185.189] IsWindowUnicode (hWnd=0x201ba) returned 1 [0185.189] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0185.189] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17d02b0) returned 0x1 [0185.189] SetCursor (hCursor=0x10003) returned 0x10003 [0185.189] TranslateMessage (lpMsg=0x29ea50) returned 0 [0185.189] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0185.189] GetKeyState (nVirtKey=1) returned 0 [0185.189] GetKeyState (nVirtKey=2) returned 0 [0185.189] GetKeyState (nVirtKey=4) returned 0 [0185.189] GetKeyState (nVirtKey=5) returned 0 [0185.189] GetKeyState (nVirtKey=6) returned 0 [0185.189] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0185.189] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0185.189] WaitMessage () returned 1 [0186.020] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0186.020] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17d02b0) returned 0x1 [0186.020] IsWindowUnicode (hWnd=0x201ba) returned 1 [0186.020] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0186.020] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17d02b0) returned 0x1 [0186.020] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0186.020] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xd0014c) returned 0x0 [0186.020] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0186.020] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0186.020] SetCursor (hCursor=0x10003) returned 0x10003 [0186.020] TranslateMessage (lpMsg=0x29ea50) returned 0 [0186.020] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0186.020] GetKeyState (nVirtKey=1) returned -127 [0186.020] GetKeyState (nVirtKey=2) returned 0 [0186.020] GetKeyState (nVirtKey=4) returned 0 [0186.020] GetKeyState (nVirtKey=5) returned 0 [0186.020] GetKeyState (nVirtKey=6) returned 0 [0186.020] IsWindowVisible (hWnd=0x201ba) returned 1 [0186.020] IsWindowEnabled (hWnd=0x201ba) returned 1 [0186.020] SetFocus (hWnd=0x201ba) returned 0x201ba [0186.020] GetFocus () returned 0x201ba [0186.020] GetFocus () returned 0x201ba [0186.020] GetFocus () returned 0x201ba [0186.020] GetKeyState (nVirtKey=1) returned -127 [0186.020] GetKeyState (nVirtKey=2) returned 0 [0186.020] GetKeyState (nVirtKey=4) returned 0 [0186.020] GetKeyState (nVirtKey=5) returned 0 [0186.020] GetKeyState (nVirtKey=6) returned 0 [0186.020] GetCapture () returned 0x0 [0186.021] SetCapture (hWnd=0x201ba) returned 0x0 [0186.021] GetKeyState (nVirtKey=1) returned -127 [0186.021] GetKeyState (nVirtKey=2) returned 0 [0186.021] GetKeyState (nVirtKey=4) returned 0 [0186.021] GetKeyState (nVirtKey=5) returned 0 [0186.021] GetKeyState (nVirtKey=6) returned 0 [0186.021] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0186.021] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0186.021] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0186.021] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0186.021] TranslateMessage (lpMsg=0x29ea50) returned 0 [0186.021] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0186.021] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0186.021] IsWindowUnicode (hWnd=0x201ba) returned 1 [0186.021] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0186.021] TranslateMessage (lpMsg=0x29ea50) returned 0 [0186.021] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0186.021] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x2285460, cPoints=0x1 | out: lpPoints=0x2285460) returned 22938228 [0186.021] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0186.021] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0186.021] UpdateWindow (hWnd=0x201ba) returned 1 [0186.021] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0186.021] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0186.021] CreateCompatibleDC (hdc=0x501080c) returned 0x1b010821 [0186.021] SelectObject (hdc=0x1b010821, h=0xa05082d) returned 0x185000f [0186.021] GdipCreateFromHDC (hdc=0x1b010821, graphics=0x29da18) returned 0x0 [0186.021] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0186.021] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0186.021] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0186.022] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0186.022] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0186.022] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0186.022] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0186.022] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0186.022] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0186.022] GdipCreateRegion (region=0x29da40) returned 0x0 [0186.022] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0186.022] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29daa0) returned 0x0 [0186.022] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29db40) returned 0x0 [0186.022] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd9c0dbd) returned 0x0 [0186.022] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0186.022] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d7b8) returned 0x0 [0186.022] GetCurrentObject (hdc=0x1b010821, type=0x1) returned 0x1b00017 [0186.022] GetCurrentObject (hdc=0x1b010821, type=0x2) returned 0x1900010 [0186.022] GetCurrentObject (hdc=0x1b010821, type=0x7) returned 0xa05082d [0186.022] GetCurrentObject (hdc=0x1b010821, type=0x6) returned 0x18a002e [0186.022] SaveDC (hdc=0x1b010821) returned 1 [0186.022] GetNearestColor (hdc=0x1b010821, color=0x0) returned 0x0 [0186.022] GetNearestColor (hdc=0x1b010821, color=0x0) returned 0x0 [0186.022] GetNearestColor (hdc=0x1b010821, color=0x0) returned 0x0 [0186.023] GetNearestColor (hdc=0x1b010821, color=0x989898) returned 0x989898 [0186.023] GetNearestColor (hdc=0x1b010821, color=0x8b) returned 0x8b [0186.023] GetNearestColor (hdc=0x1b010821, color=0x7f7f7f) returned 0x7f7f7f [0186.023] GetNearestColor (hdc=0x1b010821, color=0x989898) returned 0x989898 [0186.023] GetNearestColor (hdc=0x1b010821, color=0x0) returned 0x0 [0186.023] GetNearestColor (hdc=0x1b010821, color=0x8b) returned 0x8b [0186.023] RestoreDC (hdc=0x1b010821, nSavedDC=-1) returned 1 [0186.023] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1b010821) returned 0x0 [0186.023] IsAppThemed () returned 0x1 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] IsAppThemed () returned 0x1 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x2286038 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0186.023] IsAppThemed () returned 0x1 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] IsAppThemed () returned 0x1 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] IsAppThemed () returned 0x1 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] IsAppThemed () returned 0x1 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] GetThemeAppProperties () returned 0x3 [0186.023] IsThemePartDefined () returned 0x1 [0186.023] IsAppThemed () returned 0x1 [0186.024] GetThemeAppProperties () returned 0x3 [0186.024] GetThemeAppProperties () returned 0x3 [0186.024] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0186.024] IsAppThemed () returned 0x1 [0186.024] GetThemeAppProperties () returned 0x3 [0186.024] GetThemeAppProperties () returned 0x3 [0186.024] IsAppThemed () returned 0x1 [0186.024] GetThemeAppProperties () returned 0x3 [0186.024] GetThemeAppProperties () returned 0x3 [0186.024] IsThemePartDefined () returned 0x1 [0186.024] GdipCreateRegion (region=0x29d520) returned 0x0 [0186.024] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0186.024] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0186.024] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0186.024] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0186.024] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0186.024] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0186.024] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0186.024] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0186.024] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0186.024] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0186.024] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0186.024] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5f0) returned 0x0 [0186.024] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5b0) returned 0x0 [0186.024] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d5b0) returned 0x0 [0186.024] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0186.024] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d5f8) returned 0x0 [0186.024] GetCurrentObject (hdc=0x1b010821, type=0x1) returned 0x1b00017 [0186.024] GetCurrentObject (hdc=0x1b010821, type=0x2) returned 0x1900010 [0186.024] GetCurrentObject (hdc=0x1b010821, type=0x7) returned 0xa05082d [0186.024] GetCurrentObject (hdc=0x1b010821, type=0x6) returned 0x18a002e [0186.025] SaveDC (hdc=0x1b010821) returned 1 [0186.025] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x37040812 [0186.025] GetClipRgn (hdc=0x1b010821, hrgn=0x37040812) returned 0 [0186.025] SelectClipRgn (hdc=0x1b010821, hrgn=0xffffffff87040228) returned 2 [0186.025] DeleteObject (ho=0x37040812) returned 1 [0186.025] DeleteObject (ho=0xffffffff87040228) returned 1 [0186.025] OffsetViewportOrgEx (in: hdc=0x1b010821, x=0, y=0, lppt=0x2286a20 | out: lppt=0x2286a20) returned 1 [0186.025] DrawThemeParentBackground () returned 0x0 [0186.025] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0186.025] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0186.025] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0186.025] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0186.025] GetSystemMetrics (nIndex=42) returned 0 [0186.025] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0186.025] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0186.025] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0186.025] GetCurrentObject (hdc=0x1b010821, type=0x1) returned 0x1b00017 [0186.025] GetCurrentObject (hdc=0x1b010821, type=0x2) returned 0x1900010 [0186.025] GetCurrentObject (hdc=0x1b010821, type=0x7) returned 0xa05082d [0186.025] GetCurrentObject (hdc=0x1b010821, type=0x6) returned 0x18a002e [0186.025] SaveDC (hdc=0x1b010821) returned 2 [0186.025] GetNearestColor (hdc=0x1b010821, color=0x0) returned 0x0 [0186.025] CreateSolidBrush (color=0x0) returned 0x3f10081f [0186.026] FillRect (hDC=0x1b010821, lprc=0x29cb98, hbr=0x3f10081f) returned 1 [0186.026] DeleteObject (ho=0x3f10081f) returned 1 [0186.026] RestoreDC (hdc=0x1b010821, nSavedDC=-1) returned 1 [0186.026] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0186.026] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0186.026] GetSystemMetrics (nIndex=42) returned 0 [0186.026] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0186.026] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0186.026] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0186.026] GetCurrentObject (hdc=0x1b010821, type=0x1) returned 0x1b00017 [0186.026] GetCurrentObject (hdc=0x1b010821, type=0x2) returned 0x1900010 [0186.026] GetCurrentObject (hdc=0x1b010821, type=0x7) returned 0xa05082d [0186.026] GetCurrentObject (hdc=0x1b010821, type=0x6) returned 0x18a002e [0186.026] SaveDC (hdc=0x1b010821) returned 2 [0186.026] GetNearestColor (hdc=0x1b010821, color=0x0) returned 0x0 [0186.026] CreateSolidBrush (color=0x0) returned 0x4010081f [0186.026] FillRect (hDC=0x1b010821, lprc=0x29cac8, hbr=0x4010081f) returned 1 [0186.026] DeleteObject (ho=0x4010081f) returned 1 [0186.026] RestoreDC (hdc=0x1b010821, nSavedDC=-1) returned 1 [0186.026] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0186.026] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0186.026] GetSystemMetrics (nIndex=42) returned 0 [0186.027] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0186.027] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0186.027] RestoreDC (hdc=0x1b010821, nSavedDC=-1) returned 1 [0186.027] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1b010821) returned 0x0 [0186.027] IsAppThemed () returned 0x1 [0186.027] GetThemeAppProperties () returned 0x3 [0186.027] GetThemeAppProperties () returned 0x3 [0186.027] IsAppThemed () returned 0x1 [0186.027] GetThemeAppProperties () returned 0x3 [0186.027] GetThemeAppProperties () returned 0x3 [0186.027] IsThemePartDefined () returned 0x1 [0186.027] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0186.027] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0186.027] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0186.027] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0186.027] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0186.027] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0186.027] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0186.027] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0186.027] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0186.027] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0186.027] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0186.027] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0186.027] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d590) returned 0x0 [0186.027] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d550) returned 0x0 [0186.027] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d550) returned 0x0 [0186.027] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0186.027] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d598) returned 0x0 [0186.028] GetCurrentObject (hdc=0x1b010821, type=0x1) returned 0x1b00017 [0186.028] GetCurrentObject (hdc=0x1b010821, type=0x2) returned 0x1900010 [0186.028] GetCurrentObject (hdc=0x1b010821, type=0x7) returned 0xa05082d [0186.028] GetCurrentObject (hdc=0x1b010821, type=0x6) returned 0x18a002e [0186.028] SaveDC (hdc=0x1b010821) returned 1 [0186.028] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff88040228 [0186.028] GetClipRgn (hdc=0x1b010821, hrgn=0xffffffff88040228) returned 0 [0186.028] SelectClipRgn (hdc=0x1b010821, hrgn=0x39040812) returned 2 [0186.028] DeleteObject (ho=0xffffffff88040228) returned 1 [0186.028] DeleteObject (ho=0x39040812) returned 1 [0186.028] OffsetViewportOrgEx (in: hdc=0x1b010821, x=0, y=0, lppt=0x2287b28 | out: lppt=0x2287b28) returned 1 [0186.028] IsAppThemed () returned 0x1 [0186.028] GetThemeAppProperties () returned 0x3 [0186.028] GetThemeAppProperties () returned 0x3 [0186.028] DrawThemeBackground () returned 0x0 [0186.028] RestoreDC (hdc=0x1b010821, nSavedDC=-1) returned 1 [0186.028] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1b010821) returned 0x0 [0186.028] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0186.029] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0186.029] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0186.029] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0186.029] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0186.029] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0186.029] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0186.029] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0186.029] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0186.029] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0186.029] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0186.029] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0186.029] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d580) returned 0x0 [0186.029] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d540) returned 0x0 [0186.029] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d540) returned 0x0 [0186.029] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0186.029] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d588) returned 0x0 [0186.029] GetCurrentObject (hdc=0x1b010821, type=0x1) returned 0x1b00017 [0186.029] GetCurrentObject (hdc=0x1b010821, type=0x2) returned 0x1900010 [0186.029] GetCurrentObject (hdc=0x1b010821, type=0x7) returned 0xa05082d [0186.030] GetCurrentObject (hdc=0x1b010821, type=0x6) returned 0x18a002e [0186.030] SaveDC (hdc=0x1b010821) returned 1 [0186.030] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3a040812 [0186.030] GetClipRgn (hdc=0x1b010821, hrgn=0x3a040812) returned 0 [0186.063] SelectClipRgn (hdc=0x1b010821, hrgn=0xffffffff89040228) returned 2 [0186.063] DeleteObject (ho=0x3a040812) returned 1 [0186.063] DeleteObject (ho=0xffffffff89040228) returned 1 [0186.063] OffsetViewportOrgEx (in: hdc=0x1b010821, x=0, y=0, lppt=0x2288000 | out: lppt=0x2288000) returned 1 [0186.063] IsAppThemed () returned 0x1 [0186.063] GetThemeAppProperties () returned 0x3 [0186.064] GetThemeAppProperties () returned 0x3 [0186.064] GetThemeBackgroundContentRect () returned 0x0 [0186.064] RestoreDC (hdc=0x1b010821, nSavedDC=-1) returned 1 [0186.065] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1b010821) returned 0x0 [0186.065] IsAppThemed () returned 0x1 [0186.065] GetThemeAppProperties () returned 0x3 [0186.065] GetThemeAppProperties () returned 0x3 [0186.065] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29d768) returned 0x0 [0186.065] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d748) returned 0x0 [0186.065] GetCurrentObject (hdc=0x1b010821, type=0x1) returned 0x1b00017 [0186.065] GetCurrentObject (hdc=0x1b010821, type=0x2) returned 0x1900010 [0186.065] GetCurrentObject (hdc=0x1b010821, type=0x7) returned 0xa05082d [0186.066] GetCurrentObject (hdc=0x1b010821, type=0x6) returned 0x18a002e [0186.066] SaveDC (hdc=0x1b010821) returned 1 [0186.066] GetTextAlign (hdc=0x1b010821) returned 0x0 [0186.066] GetTextColor (hdc=0x1b010821) returned 0x0 [0186.066] SetTextColor (hdc=0x1b010821, color=0x8b) returned 0x0 [0186.067] GetCurrentObject (hdc=0x1b010821, type=0x6) returned 0x18a002e [0186.067] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0186.067] SelectObject (hdc=0x1b010821, h=0x90a0819) returned 0x18a002e [0186.067] GetBkMode (hdc=0x1b010821) returned 2 [0186.068] SetBkMode (hdc=0x1b010821, mode=1) returned 2 [0186.070] DrawTextExW (in: hdc=0x1b010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x2288688 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0186.134] DrawTextExW (in: hdc=0x1b010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x2288688 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0186.134] RestoreDC (hdc=0x1b010821, nSavedDC=-1) returned 1 [0186.153] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1b010821) returned 0x0 [0186.153] GetFocus () returned 0x201ba [0186.153] IsAppThemed () returned 0x1 [0186.153] GetThemeAppProperties () returned 0x3 [0186.153] GetThemeAppProperties () returned 0x3 [0186.153] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29da58) returned 0x0 [0186.154] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x1b010821, x1=0, y1=0, rop=0xcc0020) returned 1 [0186.160] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1b010821) returned 0x0 [0186.160] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0186.160] SelectObject (hdc=0x1b010821, h=0x185000f) returned 0xa05082d [0186.160] DeleteDC (hdc=0x1b010821) returned 1 [0186.160] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0186.160] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0186.161] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22887f0, cPoints=0x1 | out: lpPoints=0x22887f0) returned 22938228 [0186.161] WindowFromPoint (Point=0x17d000002b0) returned 0x201ba [0186.161] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17d02b0) returned 0x1 [0186.161] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0186.161] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0186.161] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0186.161] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0186.161] GetSystemMetrics (nIndex=42) returned 0 [0186.161] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9ad9c0 [0186.161] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9ad9c0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0186.161] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9ad9c0) returned 0x158 [0186.161] CoTaskMemFree (pv=0x1a9ad9c0) [0186.163] OleSetClipboard (pDataObj=0x2dfa28) returned 0x0 [0186.393] OleFlushClipboard () returned 0x0 [0186.393] GlobalReAlloc (hMem=0x1bee00e8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00e8 [0186.393] GlobalLock (hMem=0x1bee00e8) returned 0x1a9ad6e0 [0186.393] RtlMoveMemory (in: Destination=0x1a9ad6e0, Source=0x22896d8, Length=0x2b0 | out: Destination=0x1a9ad6e0) [0186.393] GlobalUnlock (hMem=0x1bee00e8) returned 0 [0186.394] GetCapture () returned 0x201ba [0186.394] ReleaseCapture () returned 1 [0186.394] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0186.394] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0186.394] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17d02b0) returned 0x1 [0186.394] IsWindowUnicode (hWnd=0x201ba) returned 1 [0186.394] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0186.394] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17d02b0) returned 0x1 [0186.394] SetCursor (hCursor=0x10003) returned 0x10003 [0186.394] TranslateMessage (lpMsg=0x29ea50) returned 0 [0186.394] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0186.394] GetKeyState (nVirtKey=1) returned 1 [0186.394] GetKeyState (nVirtKey=2) returned 0 [0186.395] GetKeyState (nVirtKey=4) returned 0 [0186.395] GetKeyState (nVirtKey=5) returned 0 [0186.395] GetKeyState (nVirtKey=6) returned 0 [0186.395] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0186.395] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0186.395] WaitMessage () returned 1 [0186.396] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0186.396] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0186.396] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0186.396] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0186.396] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0186.396] WaitMessage () returned 1 [0187.985] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0187.985] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0187.986] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0187.986] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0187.986] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0187.986] WaitMessage () returned 1 [0188.273] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0188.273] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17e02ad) returned 0x1 [0188.273] IsWindowUnicode (hWnd=0x201ba) returned 1 [0188.273] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0188.273] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17e02ad) returned 0x1 [0188.273] SetCursor (hCursor=0x10003) returned 0x10003 [0188.273] TranslateMessage (lpMsg=0x29ea50) returned 0 [0188.273] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0188.273] GetKeyState (nVirtKey=1) returned 1 [0188.273] GetKeyState (nVirtKey=2) returned 0 [0188.273] GetKeyState (nVirtKey=4) returned 0 [0188.273] GetKeyState (nVirtKey=5) returned 0 [0188.273] GetKeyState (nVirtKey=6) returned 0 [0188.273] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0188.273] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0188.273] WaitMessage () returned 1 [0188.292] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0188.292] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17e02ad) returned 0x1 [0188.292] IsWindowUnicode (hWnd=0x201ba) returned 1 [0188.292] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0188.292] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17e02ad) returned 0x1 [0188.292] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0188.292] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xd10149) returned 0x0 [0188.293] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0188.293] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0188.293] SetCursor (hCursor=0x10003) returned 0x10003 [0188.293] TranslateMessage (lpMsg=0x29ea50) returned 0 [0188.293] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0188.293] GetKeyState (nVirtKey=1) returned -128 [0188.293] GetKeyState (nVirtKey=2) returned 0 [0188.293] GetKeyState (nVirtKey=4) returned 0 [0188.293] GetKeyState (nVirtKey=5) returned 0 [0188.293] GetKeyState (nVirtKey=6) returned 0 [0188.293] IsWindowVisible (hWnd=0x201ba) returned 1 [0188.293] IsWindowEnabled (hWnd=0x201ba) returned 1 [0188.293] SetFocus (hWnd=0x201ba) returned 0x201ba [0188.293] GetFocus () returned 0x201ba [0188.293] GetFocus () returned 0x201ba [0188.293] GetFocus () returned 0x201ba [0188.293] GetKeyState (nVirtKey=1) returned -128 [0188.293] GetKeyState (nVirtKey=2) returned 0 [0188.293] GetKeyState (nVirtKey=4) returned 0 [0188.293] GetKeyState (nVirtKey=5) returned 0 [0188.293] GetKeyState (nVirtKey=6) returned 0 [0188.293] GetCapture () returned 0x0 [0188.293] SetCapture (hWnd=0x201ba) returned 0x0 [0188.293] GetKeyState (nVirtKey=1) returned -128 [0188.293] GetKeyState (nVirtKey=2) returned 0 [0188.293] GetKeyState (nVirtKey=4) returned 0 [0188.293] GetKeyState (nVirtKey=5) returned 0 [0188.293] GetKeyState (nVirtKey=6) returned 0 [0188.293] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0188.293] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0188.293] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0188.293] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0188.293] TranslateMessage (lpMsg=0x29ea50) returned 0 [0188.293] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0188.293] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0188.293] IsWindowUnicode (hWnd=0x201ba) returned 1 [0188.293] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0188.294] TranslateMessage (lpMsg=0x29ea50) returned 0 [0188.294] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0188.294] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x2289b28, cPoints=0x1 | out: lpPoints=0x2289b28) returned 22938228 [0188.294] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0188.294] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0188.294] UpdateWindow (hWnd=0x201ba) returned 1 [0188.294] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0188.294] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0188.294] CreateCompatibleDC (hdc=0x501080c) returned 0x1c010821 [0188.294] SelectObject (hdc=0x1c010821, h=0xa05082d) returned 0x185000f [0188.294] GdipCreateFromHDC (hdc=0x1c010821, graphics=0x29da18) returned 0x0 [0188.294] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0188.294] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0188.294] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0188.294] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0188.294] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0188.294] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0188.294] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0188.294] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0188.294] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0188.294] GdipCreateRegion (region=0x29da40) returned 0x0 [0188.294] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0188.294] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0188.294] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0188.295] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd9a0dbd) returned 0x0 [0188.295] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0188.295] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0188.295] GetCurrentObject (hdc=0x1c010821, type=0x1) returned 0x1b00017 [0188.295] GetCurrentObject (hdc=0x1c010821, type=0x2) returned 0x1900010 [0188.295] GetCurrentObject (hdc=0x1c010821, type=0x7) returned 0xa05082d [0188.295] GetCurrentObject (hdc=0x1c010821, type=0x6) returned 0x18a002e [0188.295] SaveDC (hdc=0x1c010821) returned 1 [0188.295] GetNearestColor (hdc=0x1c010821, color=0x0) returned 0x0 [0188.295] GetNearestColor (hdc=0x1c010821, color=0x0) returned 0x0 [0188.295] GetNearestColor (hdc=0x1c010821, color=0x0) returned 0x0 [0188.295] GetNearestColor (hdc=0x1c010821, color=0x989898) returned 0x989898 [0188.295] GetNearestColor (hdc=0x1c010821, color=0x8b) returned 0x8b [0188.295] GetNearestColor (hdc=0x1c010821, color=0x7f7f7f) returned 0x7f7f7f [0188.295] GetNearestColor (hdc=0x1c010821, color=0x989898) returned 0x989898 [0188.295] GetNearestColor (hdc=0x1c010821, color=0x0) returned 0x0 [0188.295] GetNearestColor (hdc=0x1c010821, color=0x8b) returned 0x8b [0188.295] RestoreDC (hdc=0x1c010821, nSavedDC=-1) returned 1 [0188.295] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1c010821) returned 0x0 [0188.295] IsAppThemed () returned 0x1 [0188.295] GetThemeAppProperties () returned 0x3 [0188.295] GetThemeAppProperties () returned 0x3 [0188.295] IsAppThemed () returned 0x1 [0188.295] GetThemeAppProperties () returned 0x3 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x228a700 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0188.296] IsAppThemed () returned 0x1 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] IsAppThemed () returned 0x1 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] IsAppThemed () returned 0x1 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] IsAppThemed () returned 0x1 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] IsThemePartDefined () returned 0x1 [0188.296] IsAppThemed () returned 0x1 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0188.296] IsAppThemed () returned 0x1 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] IsAppThemed () returned 0x1 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] GetThemeAppProperties () returned 0x3 [0188.296] IsThemePartDefined () returned 0x1 [0188.296] GdipCreateRegion (region=0x29d520) returned 0x0 [0188.296] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0188.296] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0188.296] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0188.296] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0188.296] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0188.296] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0188.296] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0188.297] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0188.297] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0188.297] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0188.297] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0188.297] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0188.297] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0188.297] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0188.297] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0188.297] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0188.297] GetCurrentObject (hdc=0x1c010821, type=0x1) returned 0x1b00017 [0188.297] GetCurrentObject (hdc=0x1c010821, type=0x2) returned 0x1900010 [0188.297] GetCurrentObject (hdc=0x1c010821, type=0x7) returned 0xa05082d [0188.297] GetCurrentObject (hdc=0x1c010821, type=0x6) returned 0x18a002e [0188.297] SaveDC (hdc=0x1c010821) returned 1 [0188.297] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff8a040228 [0188.297] GetClipRgn (hdc=0x1c010821, hrgn=0xffffffff8a040228) returned 0 [0188.297] SelectClipRgn (hdc=0x1c010821, hrgn=0x3e040812) returned 2 [0188.297] DeleteObject (ho=0xffffffff8a040228) returned 1 [0188.297] DeleteObject (ho=0x3e040812) returned 1 [0188.297] OffsetViewportOrgEx (in: hdc=0x1c010821, x=0, y=0, lppt=0x228b0e8 | out: lppt=0x228b0e8) returned 1 [0188.297] DrawThemeParentBackground () returned 0x0 [0188.297] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0188.298] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0188.298] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0188.298] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0188.298] GetSystemMetrics (nIndex=42) returned 0 [0188.298] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0188.298] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0188.298] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0188.298] GetCurrentObject (hdc=0x1c010821, type=0x1) returned 0x1b00017 [0188.298] GetCurrentObject (hdc=0x1c010821, type=0x2) returned 0x1900010 [0188.298] GetCurrentObject (hdc=0x1c010821, type=0x7) returned 0xa05082d [0188.298] GetCurrentObject (hdc=0x1c010821, type=0x6) returned 0x18a002e [0188.298] SaveDC (hdc=0x1c010821) returned 2 [0188.298] GetNearestColor (hdc=0x1c010821, color=0x0) returned 0x0 [0188.298] CreateSolidBrush (color=0x0) returned 0x4110081f [0188.298] FillRect (hDC=0x1c010821, lprc=0x29cb98, hbr=0x4110081f) returned 1 [0188.298] DeleteObject (ho=0x4110081f) returned 1 [0188.298] RestoreDC (hdc=0x1c010821, nSavedDC=-1) returned 1 [0188.298] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0188.298] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0188.298] GetSystemMetrics (nIndex=42) returned 0 [0188.298] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0188.298] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0188.298] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0188.299] GetCurrentObject (hdc=0x1c010821, type=0x1) returned 0x1b00017 [0188.299] GetCurrentObject (hdc=0x1c010821, type=0x2) returned 0x1900010 [0188.299] GetCurrentObject (hdc=0x1c010821, type=0x7) returned 0xa05082d [0188.299] GetCurrentObject (hdc=0x1c010821, type=0x6) returned 0x18a002e [0188.299] SaveDC (hdc=0x1c010821) returned 2 [0188.299] GetNearestColor (hdc=0x1c010821, color=0x0) returned 0x0 [0188.299] CreateSolidBrush (color=0x0) returned 0x4210081f [0188.299] FillRect (hDC=0x1c010821, lprc=0x29cac8, hbr=0x4210081f) returned 1 [0188.299] DeleteObject (ho=0x4210081f) returned 1 [0188.299] RestoreDC (hdc=0x1c010821, nSavedDC=-1) returned 1 [0188.299] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0188.299] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0188.299] GetSystemMetrics (nIndex=42) returned 0 [0188.299] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0188.299] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0188.299] RestoreDC (hdc=0x1c010821, nSavedDC=-1) returned 1 [0188.299] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1c010821) returned 0x0 [0188.299] IsAppThemed () returned 0x1 [0188.299] GetThemeAppProperties () returned 0x3 [0188.299] GetThemeAppProperties () returned 0x3 [0188.299] IsAppThemed () returned 0x1 [0188.300] GetThemeAppProperties () returned 0x3 [0188.300] GetThemeAppProperties () returned 0x3 [0188.300] IsThemePartDefined () returned 0x1 [0188.300] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0188.300] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0188.300] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0188.300] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0188.300] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0188.300] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0188.300] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0188.300] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0188.300] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0188.300] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0188.300] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0188.300] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0188.300] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0188.300] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0188.300] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0188.300] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0188.300] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0188.300] GetCurrentObject (hdc=0x1c010821, type=0x1) returned 0x1b00017 [0188.300] GetCurrentObject (hdc=0x1c010821, type=0x2) returned 0x1900010 [0188.300] GetCurrentObject (hdc=0x1c010821, type=0x7) returned 0xa05082d [0188.300] GetCurrentObject (hdc=0x1c010821, type=0x6) returned 0x18a002e [0188.301] SaveDC (hdc=0x1c010821) returned 1 [0188.301] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3f040812 [0188.301] GetClipRgn (hdc=0x1c010821, hrgn=0x3f040812) returned 0 [0188.301] SelectClipRgn (hdc=0x1c010821, hrgn=0xffffffff8c040228) returned 2 [0188.301] DeleteObject (ho=0x3f040812) returned 1 [0188.301] DeleteObject (ho=0xffffffff8c040228) returned 1 [0188.301] OffsetViewportOrgEx (in: hdc=0x1c010821, x=0, y=0, lppt=0x228c1f0 | out: lppt=0x228c1f0) returned 1 [0188.301] IsAppThemed () returned 0x1 [0188.301] GetThemeAppProperties () returned 0x3 [0188.301] GetThemeAppProperties () returned 0x3 [0188.301] DrawThemeBackground () returned 0x0 [0188.301] RestoreDC (hdc=0x1c010821, nSavedDC=-1) returned 1 [0188.301] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1c010821) returned 0x0 [0188.301] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0188.301] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0188.301] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0188.301] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0188.301] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0188.301] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0188.301] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0188.301] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0188.301] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0188.301] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0188.302] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0188.302] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0188.302] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0188.302] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0188.302] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0188.302] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0188.302] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0188.302] GetCurrentObject (hdc=0x1c010821, type=0x1) returned 0x1b00017 [0188.302] GetCurrentObject (hdc=0x1c010821, type=0x2) returned 0x1900010 [0188.302] GetCurrentObject (hdc=0x1c010821, type=0x7) returned 0xa05082d [0188.302] GetCurrentObject (hdc=0x1c010821, type=0x6) returned 0x18a002e [0188.302] SaveDC (hdc=0x1c010821) returned 1 [0188.302] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff8d040228 [0188.302] GetClipRgn (hdc=0x1c010821, hrgn=0xffffffff8d040228) returned 0 [0188.302] SelectClipRgn (hdc=0x1c010821, hrgn=0x40040812) returned 2 [0188.302] DeleteObject (ho=0xffffffff8d040228) returned 1 [0188.302] DeleteObject (ho=0x40040812) returned 1 [0188.302] OffsetViewportOrgEx (in: hdc=0x1c010821, x=0, y=0, lppt=0x228c6c8 | out: lppt=0x228c6c8) returned 1 [0188.303] IsAppThemed () returned 0x1 [0188.303] GetThemeAppProperties () returned 0x3 [0188.303] GetThemeAppProperties () returned 0x3 [0188.303] GetThemeBackgroundContentRect () returned 0x0 [0188.303] RestoreDC (hdc=0x1c010821, nSavedDC=-1) returned 1 [0188.303] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1c010821) returned 0x0 [0188.303] IsAppThemed () returned 0x1 [0188.303] GetThemeAppProperties () returned 0x3 [0188.303] GetThemeAppProperties () returned 0x3 [0188.303] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0188.303] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0188.303] GetCurrentObject (hdc=0x1c010821, type=0x1) returned 0x1b00017 [0188.303] GetCurrentObject (hdc=0x1c010821, type=0x2) returned 0x1900010 [0188.303] GetCurrentObject (hdc=0x1c010821, type=0x7) returned 0xa05082d [0188.303] GetCurrentObject (hdc=0x1c010821, type=0x6) returned 0x18a002e [0188.303] SaveDC (hdc=0x1c010821) returned 1 [0188.303] GetTextAlign (hdc=0x1c010821) returned 0x0 [0188.303] GetTextColor (hdc=0x1c010821) returned 0x0 [0188.303] SetTextColor (hdc=0x1c010821, color=0x8b) returned 0x0 [0188.303] GetCurrentObject (hdc=0x1c010821, type=0x6) returned 0x18a002e [0188.303] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0188.303] SelectObject (hdc=0x1c010821, h=0x90a0819) returned 0x18a002e [0188.303] GetBkMode (hdc=0x1c010821) returned 2 [0188.303] SetBkMode (hdc=0x1c010821, mode=1) returned 2 [0188.303] DrawTextExW (in: hdc=0x1c010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x228cd50 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0188.304] DrawTextExW (in: hdc=0x1c010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x228cd50 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0188.304] RestoreDC (hdc=0x1c010821, nSavedDC=-1) returned 1 [0188.304] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1c010821) returned 0x0 [0188.304] GetFocus () returned 0x201ba [0188.304] IsAppThemed () returned 0x1 [0188.304] GetThemeAppProperties () returned 0x3 [0188.304] GetThemeAppProperties () returned 0x3 [0188.304] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0188.304] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x1c010821, x1=0, y1=0, rop=0xcc0020) returned 1 [0188.304] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1c010821) returned 0x0 [0188.304] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0188.304] SelectObject (hdc=0x1c010821, h=0x185000f) returned 0xa05082d [0188.304] DeleteDC (hdc=0x1c010821) returned 1 [0188.304] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0188.304] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0188.304] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x228ceb8, cPoints=0x1 | out: lpPoints=0x228ceb8) returned 22938228 [0188.304] WindowFromPoint (Point=0x17e000002ad) returned 0x201ba [0188.304] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17e02ad) returned 0x1 [0188.304] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0188.304] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0188.305] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0188.305] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0188.305] GetSystemMetrics (nIndex=42) returned 0 [0188.305] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9ad9c0 [0188.305] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9ad9c0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0188.305] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9ad9c0) returned 0x158 [0188.305] CoTaskMemFree (pv=0x1a9ad9c0) [0188.305] OleSetClipboard (pDataObj=0x2df928) returned 0x0 [0188.311] OleFlushClipboard () returned 0x0 [0188.311] GlobalReAlloc (hMem=0x1bee00b8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00b8 [0188.311] GlobalLock (hMem=0x1bee00b8) returned 0x1a9ad6e0 [0188.311] RtlMoveMemory (in: Destination=0x1a9ad6e0, Source=0x228dda0, Length=0x2b0 | out: Destination=0x1a9ad6e0) [0188.311] GlobalUnlock (hMem=0x1bee00b8) returned 0 [0188.311] GetCapture () returned 0x201ba [0188.311] ReleaseCapture () returned 1 [0188.311] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0188.311] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0188.312] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17e02ad) returned 0x1 [0188.312] IsWindowUnicode (hWnd=0x201ba) returned 1 [0188.312] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0188.312] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17e02ad) returned 0x1 [0188.312] SetCursor (hCursor=0x10003) returned 0x10003 [0188.312] TranslateMessage (lpMsg=0x29ea50) returned 0 [0188.312] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0188.312] GetKeyState (nVirtKey=1) returned 0 [0188.312] GetKeyState (nVirtKey=2) returned 0 [0188.312] GetKeyState (nVirtKey=4) returned 0 [0188.312] GetKeyState (nVirtKey=5) returned 0 [0188.312] GetKeyState (nVirtKey=6) returned 0 [0188.312] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0188.312] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0188.312] WaitMessage () returned 1 [0189.718] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0189.718] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0189.718] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0189.718] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0189.718] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0189.718] WaitMessage () returned 1 [0190.669] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0190.669] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0190.669] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0190.670] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0190.670] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0190.670] WaitMessage () returned 1 [0191.294] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0191.294] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302c2) returned 0x1 [0191.295] IsWindowUnicode (hWnd=0x201ba) returned 1 [0191.295] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0191.295] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302c2) returned 0x1 [0191.295] SetCursor (hCursor=0x10003) returned 0x10003 [0191.295] TranslateMessage (lpMsg=0x29ea50) returned 0 [0191.295] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0191.295] GetKeyState (nVirtKey=1) returned 0 [0191.295] GetKeyState (nVirtKey=2) returned 0 [0191.295] GetKeyState (nVirtKey=4) returned 0 [0191.295] GetKeyState (nVirtKey=5) returned 0 [0191.295] GetKeyState (nVirtKey=6) returned 0 [0191.295] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0191.295] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0191.295] WaitMessage () returned 1 [0191.383] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0191.383] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302c2) returned 0x1 [0191.383] IsWindowUnicode (hWnd=0x201ba) returned 1 [0191.383] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0191.383] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302c2) returned 0x1 [0191.383] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0191.383] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xc6015e) returned 0x0 [0191.383] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0191.383] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0191.383] SetCursor (hCursor=0x10003) returned 0x10003 [0191.383] TranslateMessage (lpMsg=0x29ea50) returned 0 [0191.383] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0191.383] GetKeyState (nVirtKey=1) returned -127 [0191.383] GetKeyState (nVirtKey=2) returned 0 [0191.383] GetKeyState (nVirtKey=4) returned 0 [0191.383] GetKeyState (nVirtKey=5) returned 0 [0191.383] GetKeyState (nVirtKey=6) returned 0 [0191.384] IsWindowVisible (hWnd=0x201ba) returned 1 [0191.384] IsWindowEnabled (hWnd=0x201ba) returned 1 [0191.384] SetFocus (hWnd=0x201ba) returned 0x201ba [0191.384] GetFocus () returned 0x201ba [0191.384] GetFocus () returned 0x201ba [0191.384] GetFocus () returned 0x201ba [0191.384] GetKeyState (nVirtKey=1) returned -127 [0191.384] GetKeyState (nVirtKey=2) returned 0 [0191.384] GetKeyState (nVirtKey=4) returned 0 [0191.384] GetKeyState (nVirtKey=5) returned 0 [0191.384] GetKeyState (nVirtKey=6) returned 0 [0191.384] GetCapture () returned 0x0 [0191.384] SetCapture (hWnd=0x201ba) returned 0x0 [0191.384] GetKeyState (nVirtKey=1) returned -127 [0191.384] GetKeyState (nVirtKey=2) returned 0 [0191.384] GetKeyState (nVirtKey=4) returned 0 [0191.384] GetKeyState (nVirtKey=5) returned 0 [0191.384] GetKeyState (nVirtKey=6) returned 0 [0191.384] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0191.384] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0191.384] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0191.384] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0191.384] TranslateMessage (lpMsg=0x29ea50) returned 0 [0191.384] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0191.384] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0191.384] IsWindowUnicode (hWnd=0x201ba) returned 1 [0191.384] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0191.384] TranslateMessage (lpMsg=0x29ea50) returned 0 [0191.384] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0191.384] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x228e1f0, cPoints=0x1 | out: lpPoints=0x228e1f0) returned 22938228 [0191.384] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0191.384] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0191.384] UpdateWindow (hWnd=0x201ba) returned 1 [0191.385] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0191.385] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0191.385] CreateCompatibleDC (hdc=0x501080c) returned 0x1d010821 [0191.385] SelectObject (hdc=0x1d010821, h=0xa05082d) returned 0x185000f [0191.385] GdipCreateFromHDC (hdc=0x1d010821, graphics=0x29da18) returned 0x0 [0191.385] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0191.385] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0191.385] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0191.385] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0191.385] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0191.385] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0191.385] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0191.385] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0191.385] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0191.385] GdipCreateRegion (region=0x29da40) returned 0x0 [0191.385] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0191.385] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29daa0) returned 0x0 [0191.385] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29db40) returned 0x0 [0191.386] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd980dbd) returned 0x0 [0191.386] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0191.386] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d7b8) returned 0x0 [0191.386] GetCurrentObject (hdc=0x1d010821, type=0x1) returned 0x1b00017 [0191.386] GetCurrentObject (hdc=0x1d010821, type=0x2) returned 0x1900010 [0191.386] GetCurrentObject (hdc=0x1d010821, type=0x7) returned 0xa05082d [0191.386] GetCurrentObject (hdc=0x1d010821, type=0x6) returned 0x18a002e [0191.386] SaveDC (hdc=0x1d010821) returned 1 [0191.386] GetNearestColor (hdc=0x1d010821, color=0x0) returned 0x0 [0191.386] GetNearestColor (hdc=0x1d010821, color=0x0) returned 0x0 [0191.386] GetNearestColor (hdc=0x1d010821, color=0x0) returned 0x0 [0191.386] GetNearestColor (hdc=0x1d010821, color=0x989898) returned 0x989898 [0191.386] GetNearestColor (hdc=0x1d010821, color=0x8b) returned 0x8b [0191.386] GetNearestColor (hdc=0x1d010821, color=0x7f7f7f) returned 0x7f7f7f [0191.386] GetNearestColor (hdc=0x1d010821, color=0x989898) returned 0x989898 [0191.386] GetNearestColor (hdc=0x1d010821, color=0x0) returned 0x0 [0191.386] GetNearestColor (hdc=0x1d010821, color=0x8b) returned 0x8b [0191.387] RestoreDC (hdc=0x1d010821, nSavedDC=-1) returned 1 [0191.387] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010821) returned 0x0 [0191.387] IsAppThemed () returned 0x1 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] IsAppThemed () returned 0x1 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x228edc8 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0191.387] IsAppThemed () returned 0x1 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] IsAppThemed () returned 0x1 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] IsAppThemed () returned 0x1 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] IsAppThemed () returned 0x1 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] IsThemePartDefined () returned 0x1 [0191.387] IsAppThemed () returned 0x1 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0191.387] IsAppThemed () returned 0x1 [0191.387] GetThemeAppProperties () returned 0x3 [0191.387] GetThemeAppProperties () returned 0x3 [0191.388] IsAppThemed () returned 0x1 [0191.388] GetThemeAppProperties () returned 0x3 [0191.388] GetThemeAppProperties () returned 0x3 [0191.388] IsThemePartDefined () returned 0x1 [0191.388] GdipCreateRegion (region=0x29d520) returned 0x0 [0191.388] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0191.388] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0191.388] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0191.388] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0191.388] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0191.388] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0191.388] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0191.388] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0191.388] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0191.392] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0191.423] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0191.423] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5f0) returned 0x0 [0191.425] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5b0) returned 0x0 [0191.425] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d5b0) returned 0x0 [0191.425] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0191.425] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d5f8) returned 0x0 [0191.425] GetCurrentObject (hdc=0x1d010821, type=0x1) returned 0x1b00017 [0191.425] GetCurrentObject (hdc=0x1d010821, type=0x2) returned 0x1900010 [0191.425] GetCurrentObject (hdc=0x1d010821, type=0x7) returned 0xa05082d [0191.425] GetCurrentObject (hdc=0x1d010821, type=0x6) returned 0x18a002e [0191.425] SaveDC (hdc=0x1d010821) returned 1 [0191.425] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x41040812 [0191.425] GetClipRgn (hdc=0x1d010821, hrgn=0x41040812) returned 0 [0191.425] SelectClipRgn (hdc=0x1d010821, hrgn=0xffffffff91040228) returned 2 [0191.425] DeleteObject (ho=0x41040812) returned 1 [0191.426] DeleteObject (ho=0xffffffff91040228) returned 1 [0191.426] OffsetViewportOrgEx (in: hdc=0x1d010821, x=0, y=0, lppt=0x228f7b0 | out: lppt=0x228f7b0) returned 1 [0191.426] DrawThemeParentBackground () returned 0x0 [0191.427] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0191.427] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0191.427] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0191.427] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0191.428] GetSystemMetrics (nIndex=42) returned 0 [0191.428] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0191.428] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0191.428] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0191.428] GetCurrentObject (hdc=0x1d010821, type=0x1) returned 0x1b00017 [0191.428] GetCurrentObject (hdc=0x1d010821, type=0x2) returned 0x1900010 [0191.428] GetCurrentObject (hdc=0x1d010821, type=0x7) returned 0xa05082d [0191.428] GetCurrentObject (hdc=0x1d010821, type=0x6) returned 0x18a002e [0191.439] SaveDC (hdc=0x1d010821) returned 2 [0191.439] GetNearestColor (hdc=0x1d010821, color=0x0) returned 0x0 [0191.451] CreateSolidBrush (color=0x0) returned 0x4310081f [0191.451] FillRect (hDC=0x1d010821, lprc=0x29cb98, hbr=0x4310081f) returned 1 [0191.451] DeleteObject (ho=0x4310081f) returned 1 [0191.451] RestoreDC (hdc=0x1d010821, nSavedDC=-1) returned 1 [0191.451] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0191.451] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0191.452] GetSystemMetrics (nIndex=42) returned 0 [0191.452] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0191.452] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0191.452] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0191.452] GetCurrentObject (hdc=0x1d010821, type=0x1) returned 0x1b00017 [0191.490] GetCurrentObject (hdc=0x1d010821, type=0x2) returned 0x1900010 [0191.502] GetCurrentObject (hdc=0x1d010821, type=0x7) returned 0xa05082d [0191.555] GetCurrentObject (hdc=0x1d010821, type=0x6) returned 0x18a002e [0191.555] SaveDC (hdc=0x1d010821) returned 2 [0191.555] GetNearestColor (hdc=0x1d010821, color=0x0) returned 0x0 [0191.555] CreateSolidBrush (color=0x0) returned 0x4410081f [0191.556] FillRect (hDC=0x1d010821, lprc=0x29cac8, hbr=0x4410081f) returned 1 [0191.557] DeleteObject (ho=0x4410081f) returned 1 [0191.557] RestoreDC (hdc=0x1d010821, nSavedDC=-1) returned 1 [0191.650] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0191.650] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0191.650] GetSystemMetrics (nIndex=42) returned 0 [0191.650] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0191.650] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0191.651] RestoreDC (hdc=0x1d010821, nSavedDC=-1) returned 1 [0191.651] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010821) returned 0x0 [0191.651] IsAppThemed () returned 0x1 [0191.651] GetThemeAppProperties () returned 0x3 [0191.651] GetThemeAppProperties () returned 0x3 [0191.651] IsAppThemed () returned 0x1 [0191.651] GetThemeAppProperties () returned 0x3 [0191.651] GetThemeAppProperties () returned 0x3 [0191.651] IsThemePartDefined () returned 0x1 [0191.651] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0191.651] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0191.651] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0191.651] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0191.651] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0191.651] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0191.651] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0191.652] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0191.652] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0191.652] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0191.652] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0191.652] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0191.652] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d590) returned 0x0 [0191.652] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d550) returned 0x0 [0191.652] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d550) returned 0x0 [0191.652] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0191.652] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d598) returned 0x0 [0191.652] GetCurrentObject (hdc=0x1d010821, type=0x1) returned 0x1b00017 [0191.652] GetCurrentObject (hdc=0x1d010821, type=0x2) returned 0x1900010 [0191.652] GetCurrentObject (hdc=0x1d010821, type=0x7) returned 0xa05082d [0191.652] GetCurrentObject (hdc=0x1d010821, type=0x6) returned 0x18a002e [0191.652] SaveDC (hdc=0x1d010821) returned 1 [0191.653] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff92040228 [0191.653] GetClipRgn (hdc=0x1d010821, hrgn=0xffffffff92040228) returned 0 [0191.653] SelectClipRgn (hdc=0x1d010821, hrgn=0x43040812) returned 2 [0191.653] DeleteObject (ho=0xffffffff92040228) returned 1 [0191.653] DeleteObject (ho=0x43040812) returned 1 [0191.653] OffsetViewportOrgEx (in: hdc=0x1d010821, x=0, y=0, lppt=0x22908b8 | out: lppt=0x22908b8) returned 1 [0191.653] IsAppThemed () returned 0x1 [0191.653] GetThemeAppProperties () returned 0x3 [0191.653] GetThemeAppProperties () returned 0x3 [0191.653] DrawThemeBackground () returned 0x0 [0191.653] RestoreDC (hdc=0x1d010821, nSavedDC=-1) returned 1 [0191.653] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010821) returned 0x0 [0191.653] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0191.653] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0191.654] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0191.654] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0191.654] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0191.654] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0191.654] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0191.654] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0191.654] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0191.654] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0191.654] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0191.654] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0191.654] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d580) returned 0x0 [0191.654] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d540) returned 0x0 [0191.654] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d540) returned 0x0 [0191.654] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0191.654] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d588) returned 0x0 [0191.655] GetCurrentObject (hdc=0x1d010821, type=0x1) returned 0x1b00017 [0191.655] GetCurrentObject (hdc=0x1d010821, type=0x2) returned 0x1900010 [0191.655] GetCurrentObject (hdc=0x1d010821, type=0x7) returned 0xa05082d [0191.655] GetCurrentObject (hdc=0x1d010821, type=0x6) returned 0x18a002e [0191.655] SaveDC (hdc=0x1d010821) returned 1 [0191.655] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x44040812 [0191.655] GetClipRgn (hdc=0x1d010821, hrgn=0x44040812) returned 0 [0191.655] SelectClipRgn (hdc=0x1d010821, hrgn=0xffffffff93040228) returned 2 [0191.655] DeleteObject (ho=0x44040812) returned 1 [0191.655] DeleteObject (ho=0xffffffff93040228) returned 1 [0191.655] OffsetViewportOrgEx (in: hdc=0x1d010821, x=0, y=0, lppt=0x2290d90 | out: lppt=0x2290d90) returned 1 [0191.655] IsAppThemed () returned 0x1 [0191.655] GetThemeAppProperties () returned 0x3 [0191.655] GetThemeAppProperties () returned 0x3 [0191.655] GetThemeBackgroundContentRect () returned 0x0 [0191.655] RestoreDC (hdc=0x1d010821, nSavedDC=-1) returned 1 [0191.656] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010821) returned 0x0 [0191.656] IsAppThemed () returned 0x1 [0191.656] GetThemeAppProperties () returned 0x3 [0191.656] GetThemeAppProperties () returned 0x3 [0191.656] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29d768) returned 0x0 [0191.656] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d748) returned 0x0 [0191.656] GetCurrentObject (hdc=0x1d010821, type=0x1) returned 0x1b00017 [0191.656] GetCurrentObject (hdc=0x1d010821, type=0x2) returned 0x1900010 [0191.656] GetCurrentObject (hdc=0x1d010821, type=0x7) returned 0xa05082d [0191.656] GetCurrentObject (hdc=0x1d010821, type=0x6) returned 0x18a002e [0191.656] SaveDC (hdc=0x1d010821) returned 1 [0191.656] GetTextAlign (hdc=0x1d010821) returned 0x0 [0191.656] GetTextColor (hdc=0x1d010821) returned 0x0 [0191.656] SetTextColor (hdc=0x1d010821, color=0x8b) returned 0x0 [0191.656] GetCurrentObject (hdc=0x1d010821, type=0x6) returned 0x18a002e [0191.656] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0191.657] SelectObject (hdc=0x1d010821, h=0x90a0819) returned 0x18a002e [0191.657] GetBkMode (hdc=0x1d010821) returned 2 [0191.657] SetBkMode (hdc=0x1d010821, mode=1) returned 2 [0191.657] DrawTextExW (in: hdc=0x1d010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x2291418 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0191.657] DrawTextExW (in: hdc=0x1d010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x2291418 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0191.657] RestoreDC (hdc=0x1d010821, nSavedDC=-1) returned 1 [0191.657] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010821) returned 0x0 [0191.657] GetFocus () returned 0x201ba [0191.657] IsAppThemed () returned 0x1 [0191.658] GetThemeAppProperties () returned 0x3 [0191.658] GetThemeAppProperties () returned 0x3 [0191.658] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29da58) returned 0x0 [0191.658] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x1d010821, x1=0, y1=0, rop=0xcc0020) returned 1 [0191.658] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010821) returned 0x0 [0191.658] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0191.658] SelectObject (hdc=0x1d010821, h=0x185000f) returned 0xa05082d [0191.658] DeleteDC (hdc=0x1d010821) returned 1 [0191.658] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0191.658] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0191.658] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x2291580, cPoints=0x1 | out: lpPoints=0x2291580) returned 22938228 [0191.658] WindowFromPoint (Point=0x173000002c2) returned 0x201ba [0191.658] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302c2) returned 0x1 [0191.659] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0191.659] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0191.659] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0191.659] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0191.659] GetSystemMetrics (nIndex=42) returned 0 [0191.659] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9ad9c0 [0191.659] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9ad9c0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0191.659] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9ad9c0) returned 0x158 [0191.659] CoTaskMemFree (pv=0x1a9ad9c0) [0191.660] OleSetClipboard (pDataObj=0x2df828) returned 0x0 [0191.666] OleFlushClipboard () returned 0x0 [0191.684] GlobalReAlloc (hMem=0x1bee00c8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00c8 [0191.684] GlobalLock (hMem=0x1bee00c8) returned 0x1a9ad6e0 [0191.684] RtlMoveMemory (in: Destination=0x1a9ad6e0, Source=0x2292468, Length=0x2b0 | out: Destination=0x1a9ad6e0) [0191.684] GlobalUnlock (hMem=0x1bee00c8) returned 0 [0191.749] GetCapture () returned 0x201ba [0191.749] ReleaseCapture () returned 1 [0191.749] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0191.749] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0191.749] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302c2) returned 0x1 [0191.750] IsWindowUnicode (hWnd=0x201ba) returned 1 [0191.750] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0191.750] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302c2) returned 0x1 [0191.750] SetCursor (hCursor=0x10003) returned 0x10003 [0191.750] TranslateMessage (lpMsg=0x29ea50) returned 0 [0191.750] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0191.750] GetKeyState (nVirtKey=1) returned 1 [0191.750] GetKeyState (nVirtKey=2) returned 0 [0191.750] GetKeyState (nVirtKey=4) returned 0 [0191.750] GetKeyState (nVirtKey=5) returned 0 [0191.750] GetKeyState (nVirtKey=6) returned 0 [0191.750] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0191.750] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0191.750] WaitMessage () returned 1 [0193.033] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0193.033] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0193.033] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0193.033] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0193.033] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0193.034] WaitMessage () returned 1 [0194.288] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0194.288] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17c02d4) returned 0x1 [0194.289] IsWindowUnicode (hWnd=0x201ba) returned 1 [0194.289] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0194.289] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17c02d4) returned 0x1 [0194.289] SetCursor (hCursor=0x10003) returned 0x10003 [0194.289] TranslateMessage (lpMsg=0x29ea50) returned 0 [0194.289] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0194.289] GetKeyState (nVirtKey=1) returned 1 [0194.289] GetKeyState (nVirtKey=2) returned 0 [0194.289] GetKeyState (nVirtKey=4) returned 0 [0194.289] GetKeyState (nVirtKey=5) returned 0 [0194.289] GetKeyState (nVirtKey=6) returned 0 [0194.289] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0194.289] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0194.289] WaitMessage () returned 1 [0194.954] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0195.036] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17c02d4) returned 0x1 [0195.037] IsWindowUnicode (hWnd=0x201ba) returned 1 [0195.037] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0195.037] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17c02d4) returned 0x1 [0195.037] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0195.037] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xcf0170) returned 0x0 [0195.037] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0195.037] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0195.037] SetCursor (hCursor=0x10003) returned 0x10003 [0195.037] TranslateMessage (lpMsg=0x29ea50) returned 0 [0195.037] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0195.037] GetKeyState (nVirtKey=1) returned -128 [0195.037] GetKeyState (nVirtKey=2) returned 0 [0195.037] GetKeyState (nVirtKey=4) returned 0 [0195.037] GetKeyState (nVirtKey=5) returned 0 [0195.037] GetKeyState (nVirtKey=6) returned 0 [0195.037] IsWindowVisible (hWnd=0x201ba) returned 1 [0195.037] IsWindowEnabled (hWnd=0x201ba) returned 1 [0195.037] SetFocus (hWnd=0x201ba) returned 0x201ba [0195.037] GetFocus () returned 0x201ba [0195.037] GetFocus () returned 0x201ba [0195.037] GetFocus () returned 0x201ba [0195.037] GetKeyState (nVirtKey=1) returned -128 [0195.037] GetKeyState (nVirtKey=2) returned 0 [0195.037] GetKeyState (nVirtKey=4) returned 0 [0195.037] GetKeyState (nVirtKey=5) returned 0 [0195.037] GetKeyState (nVirtKey=6) returned 0 [0195.037] GetCapture () returned 0x0 [0195.037] SetCapture (hWnd=0x201ba) returned 0x0 [0195.037] GetKeyState (nVirtKey=1) returned -128 [0195.037] GetKeyState (nVirtKey=2) returned 0 [0195.037] GetKeyState (nVirtKey=4) returned 0 [0195.038] GetKeyState (nVirtKey=5) returned 0 [0195.038] GetKeyState (nVirtKey=6) returned 0 [0195.038] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0195.038] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0195.038] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0195.038] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0195.038] TranslateMessage (lpMsg=0x29ea50) returned 0 [0195.038] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0195.038] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0195.038] IsWindowUnicode (hWnd=0x201ba) returned 1 [0195.038] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0195.038] TranslateMessage (lpMsg=0x29ea50) returned 0 [0195.038] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0195.038] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x2292880, cPoints=0x1 | out: lpPoints=0x2292880) returned 22938228 [0195.038] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0195.038] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0195.038] UpdateWindow (hWnd=0x201ba) returned 1 [0195.038] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0195.038] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0195.038] CreateCompatibleDC (hdc=0x501080c) returned 0x1e010821 [0195.038] SelectObject (hdc=0x1e010821, h=0xa05082d) returned 0x185000f [0195.038] GdipCreateFromHDC (hdc=0x1e010821, graphics=0x29da18) returned 0x0 [0195.038] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0195.038] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0195.038] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0195.039] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0195.039] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0195.039] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0195.039] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0195.039] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0195.039] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0195.039] GdipCreateRegion (region=0x29da40) returned 0x0 [0195.039] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0195.039] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0195.039] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0195.039] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd960dbd) returned 0x0 [0195.039] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0195.039] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0195.039] GetCurrentObject (hdc=0x1e010821, type=0x1) returned 0x1b00017 [0195.039] GetCurrentObject (hdc=0x1e010821, type=0x2) returned 0x1900010 [0195.039] GetCurrentObject (hdc=0x1e010821, type=0x7) returned 0xa05082d [0195.039] GetCurrentObject (hdc=0x1e010821, type=0x6) returned 0x18a002e [0195.039] SaveDC (hdc=0x1e010821) returned 1 [0195.039] GetNearestColor (hdc=0x1e010821, color=0x0) returned 0x0 [0195.039] GetNearestColor (hdc=0x1e010821, color=0x0) returned 0x0 [0195.039] GetNearestColor (hdc=0x1e010821, color=0x0) returned 0x0 [0195.039] GetNearestColor (hdc=0x1e010821, color=0x989898) returned 0x989898 [0195.039] GetNearestColor (hdc=0x1e010821, color=0x8b) returned 0x8b [0195.040] GetNearestColor (hdc=0x1e010821, color=0x7f7f7f) returned 0x7f7f7f [0195.040] GetNearestColor (hdc=0x1e010821, color=0x989898) returned 0x989898 [0195.040] GetNearestColor (hdc=0x1e010821, color=0x0) returned 0x0 [0195.040] GetNearestColor (hdc=0x1e010821, color=0x8b) returned 0x8b [0195.040] RestoreDC (hdc=0x1e010821, nSavedDC=-1) returned 1 [0195.040] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e010821) returned 0x0 [0195.040] IsAppThemed () returned 0x1 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] IsAppThemed () returned 0x1 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x2293458 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0195.040] IsAppThemed () returned 0x1 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] IsAppThemed () returned 0x1 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] IsAppThemed () returned 0x1 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] IsAppThemed () returned 0x1 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] GetThemeAppProperties () returned 0x3 [0195.040] IsThemePartDefined () returned 0x1 [0195.040] IsAppThemed () returned 0x1 [0195.040] GetThemeAppProperties () returned 0x3 [0195.041] GetThemeAppProperties () returned 0x3 [0195.041] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0195.041] IsAppThemed () returned 0x1 [0195.041] GetThemeAppProperties () returned 0x3 [0195.041] GetThemeAppProperties () returned 0x3 [0195.041] IsAppThemed () returned 0x1 [0195.041] GetThemeAppProperties () returned 0x3 [0195.041] GetThemeAppProperties () returned 0x3 [0195.041] IsThemePartDefined () returned 0x1 [0195.041] GdipCreateRegion (region=0x29d520) returned 0x0 [0195.041] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0195.041] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0195.041] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0195.041] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0195.041] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0195.041] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0195.041] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0195.041] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0195.041] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0195.041] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0195.041] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0195.041] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0195.041] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0195.041] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0195.041] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0195.041] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0195.041] GetCurrentObject (hdc=0x1e010821, type=0x1) returned 0x1b00017 [0195.041] GetCurrentObject (hdc=0x1e010821, type=0x2) returned 0x1900010 [0195.041] GetCurrentObject (hdc=0x1e010821, type=0x7) returned 0xa05082d [0195.041] GetCurrentObject (hdc=0x1e010821, type=0x6) returned 0x18a002e [0195.042] SaveDC (hdc=0x1e010821) returned 1 [0195.042] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff94040228 [0195.042] GetClipRgn (hdc=0x1e010821, hrgn=0xffffffff94040228) returned 0 [0195.042] SelectClipRgn (hdc=0x1e010821, hrgn=0x48040812) returned 2 [0195.042] DeleteObject (ho=0xffffffff94040228) returned 1 [0195.042] DeleteObject (ho=0x48040812) returned 1 [0195.042] OffsetViewportOrgEx (in: hdc=0x1e010821, x=0, y=0, lppt=0x2293e40 | out: lppt=0x2293e40) returned 1 [0195.042] DrawThemeParentBackground () returned 0x0 [0195.042] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0195.042] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0195.042] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0195.042] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0195.042] GetSystemMetrics (nIndex=42) returned 0 [0195.042] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0195.042] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0195.042] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0195.042] GetCurrentObject (hdc=0x1e010821, type=0x1) returned 0x1b00017 [0195.042] GetCurrentObject (hdc=0x1e010821, type=0x2) returned 0x1900010 [0195.042] GetCurrentObject (hdc=0x1e010821, type=0x7) returned 0xa05082d [0195.042] GetCurrentObject (hdc=0x1e010821, type=0x6) returned 0x18a002e [0195.042] SaveDC (hdc=0x1e010821) returned 2 [0195.042] GetNearestColor (hdc=0x1e010821, color=0x0) returned 0x0 [0195.043] CreateSolidBrush (color=0x0) returned 0x4510081f [0195.043] FillRect (hDC=0x1e010821, lprc=0x29cb98, hbr=0x4510081f) returned 1 [0195.043] DeleteObject (ho=0x4510081f) returned 1 [0195.043] RestoreDC (hdc=0x1e010821, nSavedDC=-1) returned 1 [0195.043] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0195.043] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0195.043] GetSystemMetrics (nIndex=42) returned 0 [0195.043] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0195.043] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0195.043] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0195.043] GetCurrentObject (hdc=0x1e010821, type=0x1) returned 0x1b00017 [0195.043] GetCurrentObject (hdc=0x1e010821, type=0x2) returned 0x1900010 [0195.043] GetCurrentObject (hdc=0x1e010821, type=0x7) returned 0xa05082d [0195.043] GetCurrentObject (hdc=0x1e010821, type=0x6) returned 0x18a002e [0195.043] SaveDC (hdc=0x1e010821) returned 2 [0195.043] GetNearestColor (hdc=0x1e010821, color=0x0) returned 0x0 [0195.043] CreateSolidBrush (color=0x0) returned 0x4610081f [0195.043] FillRect (hDC=0x1e010821, lprc=0x29cac8, hbr=0x4610081f) returned 1 [0195.043] DeleteObject (ho=0x4610081f) returned 1 [0195.043] RestoreDC (hdc=0x1e010821, nSavedDC=-1) returned 1 [0195.043] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0195.043] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0195.044] GetSystemMetrics (nIndex=42) returned 0 [0195.044] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0195.044] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0195.044] RestoreDC (hdc=0x1e010821, nSavedDC=-1) returned 1 [0195.044] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e010821) returned 0x0 [0195.044] IsAppThemed () returned 0x1 [0195.044] GetThemeAppProperties () returned 0x3 [0195.044] GetThemeAppProperties () returned 0x3 [0195.044] IsAppThemed () returned 0x1 [0195.044] GetThemeAppProperties () returned 0x3 [0195.044] GetThemeAppProperties () returned 0x3 [0195.044] IsThemePartDefined () returned 0x1 [0195.044] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0195.044] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0195.044] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0195.044] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0195.044] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0195.044] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0195.044] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0195.044] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0195.044] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0195.044] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0195.044] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0195.044] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0195.045] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0195.045] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0195.045] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0195.045] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0195.045] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0195.045] GetCurrentObject (hdc=0x1e010821, type=0x1) returned 0x1b00017 [0195.045] GetCurrentObject (hdc=0x1e010821, type=0x2) returned 0x1900010 [0195.045] GetCurrentObject (hdc=0x1e010821, type=0x7) returned 0xa05082d [0195.045] GetCurrentObject (hdc=0x1e010821, type=0x6) returned 0x18a002e [0195.045] SaveDC (hdc=0x1e010821) returned 1 [0195.045] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x49040812 [0195.045] GetClipRgn (hdc=0x1e010821, hrgn=0x49040812) returned 0 [0195.045] SelectClipRgn (hdc=0x1e010821, hrgn=0xffffffff96040228) returned 2 [0195.045] DeleteObject (ho=0x49040812) returned 1 [0195.045] DeleteObject (ho=0xffffffff96040228) returned 1 [0195.045] OffsetViewportOrgEx (in: hdc=0x1e010821, x=0, y=0, lppt=0x2294f48 | out: lppt=0x2294f48) returned 1 [0195.045] IsAppThemed () returned 0x1 [0195.045] GetThemeAppProperties () returned 0x3 [0195.045] GetThemeAppProperties () returned 0x3 [0195.045] DrawThemeBackground () returned 0x0 [0195.046] RestoreDC (hdc=0x1e010821, nSavedDC=-1) returned 1 [0195.046] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e010821) returned 0x0 [0195.046] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0195.046] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0195.046] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0195.046] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0195.046] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0195.046] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0195.046] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0195.046] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0195.046] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0195.046] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0195.046] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0195.046] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0195.046] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0195.046] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0195.046] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0195.046] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0195.046] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0195.046] GetCurrentObject (hdc=0x1e010821, type=0x1) returned 0x1b00017 [0195.046] GetCurrentObject (hdc=0x1e010821, type=0x2) returned 0x1900010 [0195.046] GetCurrentObject (hdc=0x1e010821, type=0x7) returned 0xa05082d [0195.046] GetCurrentObject (hdc=0x1e010821, type=0x6) returned 0x18a002e [0195.046] SaveDC (hdc=0x1e010821) returned 1 [0195.047] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff97040228 [0195.047] GetClipRgn (hdc=0x1e010821, hrgn=0xffffffff97040228) returned 0 [0195.047] SelectClipRgn (hdc=0x1e010821, hrgn=0x4a040812) returned 2 [0195.047] DeleteObject (ho=0xffffffff97040228) returned 1 [0195.047] DeleteObject (ho=0x4a040812) returned 1 [0195.047] OffsetViewportOrgEx (in: hdc=0x1e010821, x=0, y=0, lppt=0x2295420 | out: lppt=0x2295420) returned 1 [0195.047] IsAppThemed () returned 0x1 [0195.047] GetThemeAppProperties () returned 0x3 [0195.047] GetThemeAppProperties () returned 0x3 [0195.047] GetThemeBackgroundContentRect () returned 0x0 [0195.047] RestoreDC (hdc=0x1e010821, nSavedDC=-1) returned 1 [0195.047] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e010821) returned 0x0 [0195.047] IsAppThemed () returned 0x1 [0195.047] GetThemeAppProperties () returned 0x3 [0195.047] GetThemeAppProperties () returned 0x3 [0195.047] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0195.047] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0195.047] GetCurrentObject (hdc=0x1e010821, type=0x1) returned 0x1b00017 [0195.047] GetCurrentObject (hdc=0x1e010821, type=0x2) returned 0x1900010 [0195.047] GetCurrentObject (hdc=0x1e010821, type=0x7) returned 0xa05082d [0195.047] GetCurrentObject (hdc=0x1e010821, type=0x6) returned 0x18a002e [0195.047] SaveDC (hdc=0x1e010821) returned 1 [0195.047] GetTextAlign (hdc=0x1e010821) returned 0x0 [0195.047] GetTextColor (hdc=0x1e010821) returned 0x0 [0195.047] SetTextColor (hdc=0x1e010821, color=0x8b) returned 0x0 [0195.048] GetCurrentObject (hdc=0x1e010821, type=0x6) returned 0x18a002e [0195.048] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0195.048] SelectObject (hdc=0x1e010821, h=0x90a0819) returned 0x18a002e [0195.048] GetBkMode (hdc=0x1e010821) returned 2 [0195.048] SetBkMode (hdc=0x1e010821, mode=1) returned 2 [0195.048] DrawTextExW (in: hdc=0x1e010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x2295aa8 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0195.048] DrawTextExW (in: hdc=0x1e010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x2295aa8 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0195.048] RestoreDC (hdc=0x1e010821, nSavedDC=-1) returned 1 [0195.048] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e010821) returned 0x0 [0195.048] GetFocus () returned 0x201ba [0195.048] IsAppThemed () returned 0x1 [0195.048] GetThemeAppProperties () returned 0x3 [0195.048] GetThemeAppProperties () returned 0x3 [0195.048] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0195.048] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x1e010821, x1=0, y1=0, rop=0xcc0020) returned 1 [0195.049] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1e010821) returned 0x0 [0195.049] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0195.049] SelectObject (hdc=0x1e010821, h=0x185000f) returned 0xa05082d [0195.049] DeleteDC (hdc=0x1e010821) returned 1 [0195.049] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0195.049] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0195.049] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x2295c10, cPoints=0x1 | out: lpPoints=0x2295c10) returned 22938228 [0195.049] WindowFromPoint (Point=0x17c000002d4) returned 0x201ba [0195.049] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17c02d4) returned 0x1 [0195.049] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0195.049] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0195.049] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0195.049] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0195.049] GetSystemMetrics (nIndex=42) returned 0 [0195.049] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9ad9c0 [0195.049] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9ad9c0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0195.049] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9ad9c0) returned 0x158 [0195.049] CoTaskMemFree (pv=0x1a9ad9c0) [0195.050] OleSetClipboard (pDataObj=0x2df728) returned 0x0 [0195.061] OleFlushClipboard () returned 0x0 [0195.061] GlobalReAlloc (hMem=0x1bee00d8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00d8 [0195.061] GlobalLock (hMem=0x1bee00d8) returned 0x1a9ad6e0 [0195.061] RtlMoveMemory (in: Destination=0x1a9ad6e0, Source=0x2296af8, Length=0x2b0 | out: Destination=0x1a9ad6e0) [0195.061] GlobalUnlock (hMem=0x1bee00d8) returned 0 [0195.062] GetCapture () returned 0x201ba [0195.062] ReleaseCapture () returned 1 [0195.062] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0195.062] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0195.062] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17c02d4) returned 0x1 [0195.062] IsWindowUnicode (hWnd=0x201ba) returned 1 [0195.062] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0195.062] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17c02d4) returned 0x1 [0195.062] SetCursor (hCursor=0x10003) returned 0x10003 [0195.063] TranslateMessage (lpMsg=0x29ea50) returned 0 [0195.063] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0195.063] GetKeyState (nVirtKey=1) returned 0 [0195.063] GetKeyState (nVirtKey=2) returned 0 [0195.063] GetKeyState (nVirtKey=4) returned 0 [0195.063] GetKeyState (nVirtKey=5) returned 0 [0195.063] GetKeyState (nVirtKey=6) returned 0 [0195.063] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0195.063] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0195.063] WaitMessage () returned 1 [0195.065] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0195.065] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0195.065] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0195.065] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0195.065] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0195.065] WaitMessage () returned 1 [0197.488] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0197.488] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a6) returned 0x1 [0197.489] IsWindowUnicode (hWnd=0x201ba) returned 1 [0197.489] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0197.489] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a6) returned 0x1 [0197.495] SetCursor (hCursor=0x10003) returned 0x10003 [0197.495] TranslateMessage (lpMsg=0x29ea50) returned 0 [0197.495] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0197.495] GetKeyState (nVirtKey=1) returned 0 [0197.495] GetKeyState (nVirtKey=2) returned 0 [0197.495] GetKeyState (nVirtKey=4) returned 0 [0197.495] GetKeyState (nVirtKey=5) returned 0 [0197.496] GetKeyState (nVirtKey=6) returned 0 [0197.496] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0197.496] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a6) returned 0x1 [0197.496] IsWindowUnicode (hWnd=0x201ba) returned 1 [0197.496] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0197.496] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a6) returned 0x1 [0197.496] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0197.496] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xc40142) returned 0x0 [0197.496] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0197.496] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0197.496] SetCursor (hCursor=0x10003) returned 0x10003 [0197.496] TranslateMessage (lpMsg=0x29ea50) returned 0 [0197.496] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0197.496] GetKeyState (nVirtKey=1) returned -127 [0197.496] GetKeyState (nVirtKey=2) returned 0 [0197.496] GetKeyState (nVirtKey=4) returned 0 [0197.496] GetKeyState (nVirtKey=5) returned 0 [0197.496] GetKeyState (nVirtKey=6) returned 0 [0197.496] IsWindowVisible (hWnd=0x201ba) returned 1 [0197.496] IsWindowEnabled (hWnd=0x201ba) returned 1 [0197.496] SetFocus (hWnd=0x201ba) returned 0x201ba [0197.496] GetFocus () returned 0x201ba [0197.496] GetFocus () returned 0x201ba [0197.518] GetFocus () returned 0x201ba [0197.518] GetKeyState (nVirtKey=1) returned -127 [0197.518] GetKeyState (nVirtKey=2) returned 0 [0197.518] GetKeyState (nVirtKey=4) returned 0 [0197.518] GetKeyState (nVirtKey=5) returned 0 [0197.518] GetKeyState (nVirtKey=6) returned 0 [0197.518] GetCapture () returned 0x0 [0197.518] SetCapture (hWnd=0x201ba) returned 0x0 [0197.518] GetKeyState (nVirtKey=1) returned -127 [0197.518] GetKeyState (nVirtKey=2) returned 0 [0197.518] GetKeyState (nVirtKey=4) returned 0 [0197.518] GetKeyState (nVirtKey=5) returned 0 [0197.518] GetKeyState (nVirtKey=6) returned 0 [0197.518] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0197.518] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0197.576] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0197.576] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0197.576] TranslateMessage (lpMsg=0x29ea50) returned 0 [0197.576] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0197.577] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0197.577] IsWindowUnicode (hWnd=0x201ba) returned 1 [0197.577] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0197.577] TranslateMessage (lpMsg=0x29ea50) returned 0 [0197.577] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0197.577] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x2296ed8, cPoints=0x1 | out: lpPoints=0x2296ed8) returned 22938228 [0197.577] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0197.577] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0197.577] UpdateWindow (hWnd=0x201ba) returned 1 [0197.577] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0197.577] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0197.577] CreateCompatibleDC (hdc=0x501080c) returned 0x1f010821 [0197.577] SelectObject (hdc=0x1f010821, h=0xa05082d) returned 0x185000f [0197.577] GdipCreateFromHDC (hdc=0x1f010821, graphics=0x29da18) returned 0x0 [0197.577] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0197.577] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0197.577] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0197.577] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0197.577] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0197.577] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0197.577] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0197.577] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0197.577] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0197.578] GdipCreateRegion (region=0x29da40) returned 0x0 [0197.578] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0197.578] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29daa0) returned 0x0 [0197.578] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29db40) returned 0x0 [0197.578] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd940dbd) returned 0x0 [0197.578] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0197.578] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d7b8) returned 0x0 [0197.578] GetCurrentObject (hdc=0x1f010821, type=0x1) returned 0x1b00017 [0197.578] GetCurrentObject (hdc=0x1f010821, type=0x2) returned 0x1900010 [0197.578] GetCurrentObject (hdc=0x1f010821, type=0x7) returned 0xa05082d [0197.578] GetCurrentObject (hdc=0x1f010821, type=0x6) returned 0x18a002e [0197.578] SaveDC (hdc=0x1f010821) returned 1 [0197.578] GetNearestColor (hdc=0x1f010821, color=0x0) returned 0x0 [0197.578] GetNearestColor (hdc=0x1f010821, color=0x0) returned 0x0 [0197.579] GetNearestColor (hdc=0x1f010821, color=0x0) returned 0x0 [0197.579] GetNearestColor (hdc=0x1f010821, color=0x989898) returned 0x989898 [0197.579] GetNearestColor (hdc=0x1f010821, color=0x8b) returned 0x8b [0197.579] GetNearestColor (hdc=0x1f010821, color=0x7f7f7f) returned 0x7f7f7f [0197.579] GetNearestColor (hdc=0x1f010821, color=0x989898) returned 0x989898 [0197.579] GetNearestColor (hdc=0x1f010821, color=0x0) returned 0x0 [0197.579] GetNearestColor (hdc=0x1f010821, color=0x8b) returned 0x8b [0197.579] RestoreDC (hdc=0x1f010821, nSavedDC=-1) returned 1 [0197.579] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1f010821) returned 0x0 [0197.579] IsAppThemed () returned 0x1 [0197.579] GetThemeAppProperties () returned 0x3 [0197.579] GetThemeAppProperties () returned 0x3 [0197.579] IsAppThemed () returned 0x1 [0197.579] GetThemeAppProperties () returned 0x3 [0197.579] GetThemeAppProperties () returned 0x3 [0197.579] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x2297ab0 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0197.579] IsAppThemed () returned 0x1 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] IsAppThemed () returned 0x1 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] IsAppThemed () returned 0x1 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] IsAppThemed () returned 0x1 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] IsThemePartDefined () returned 0x1 [0197.580] IsAppThemed () returned 0x1 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0197.580] IsAppThemed () returned 0x1 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] IsAppThemed () returned 0x1 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] GetThemeAppProperties () returned 0x3 [0197.580] IsThemePartDefined () returned 0x1 [0197.580] GdipCreateRegion (region=0x29d520) returned 0x0 [0197.580] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0197.580] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0197.580] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0197.580] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0197.580] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0197.580] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0197.580] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0197.581] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0197.581] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0197.581] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0197.581] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0197.581] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5f0) returned 0x0 [0197.581] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5b0) returned 0x0 [0197.581] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d5b0) returned 0x0 [0197.581] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0197.581] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d5f8) returned 0x0 [0197.581] GetCurrentObject (hdc=0x1f010821, type=0x1) returned 0x1b00017 [0197.581] GetCurrentObject (hdc=0x1f010821, type=0x2) returned 0x1900010 [0197.581] GetCurrentObject (hdc=0x1f010821, type=0x7) returned 0xa05082d [0197.581] GetCurrentObject (hdc=0x1f010821, type=0x6) returned 0x18a002e [0197.581] SaveDC (hdc=0x1f010821) returned 1 [0197.581] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x4b040812 [0197.581] GetClipRgn (hdc=0x1f010821, hrgn=0x4b040812) returned 0 [0197.581] SelectClipRgn (hdc=0x1f010821, hrgn=0xffffffff9b040228) returned 2 [0197.581] DeleteObject (ho=0x4b040812) returned 1 [0197.581] DeleteObject (ho=0xffffffff9b040228) returned 1 [0197.581] OffsetViewportOrgEx (in: hdc=0x1f010821, x=0, y=0, lppt=0x2298498 | out: lppt=0x2298498) returned 1 [0197.581] DrawThemeParentBackground () returned 0x0 [0197.582] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0197.582] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0197.582] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0197.582] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0197.582] GetSystemMetrics (nIndex=42) returned 0 [0197.582] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0197.582] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0197.582] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0197.582] GetCurrentObject (hdc=0x1f010821, type=0x1) returned 0x1b00017 [0197.582] GetCurrentObject (hdc=0x1f010821, type=0x2) returned 0x1900010 [0197.582] GetCurrentObject (hdc=0x1f010821, type=0x7) returned 0xa05082d [0197.582] GetCurrentObject (hdc=0x1f010821, type=0x6) returned 0x18a002e [0197.582] SaveDC (hdc=0x1f010821) returned 2 [0197.582] GetNearestColor (hdc=0x1f010821, color=0x0) returned 0x0 [0197.582] CreateSolidBrush (color=0x0) returned 0x4710081f [0197.582] FillRect (hDC=0x1f010821, lprc=0x29cb98, hbr=0x4710081f) returned 1 [0197.582] DeleteObject (ho=0x4710081f) returned 1 [0197.582] RestoreDC (hdc=0x1f010821, nSavedDC=-1) returned 1 [0197.583] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0197.583] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0197.583] GetSystemMetrics (nIndex=42) returned 0 [0197.583] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0197.583] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0197.583] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0197.583] GetCurrentObject (hdc=0x1f010821, type=0x1) returned 0x1b00017 [0197.583] GetCurrentObject (hdc=0x1f010821, type=0x2) returned 0x1900010 [0197.586] GetCurrentObject (hdc=0x1f010821, type=0x7) returned 0xa05082d [0197.626] GetCurrentObject (hdc=0x1f010821, type=0x6) returned 0x18a002e [0197.629] SaveDC (hdc=0x1f010821) returned 2 [0197.629] GetNearestColor (hdc=0x1f010821, color=0x0) returned 0x0 [0197.639] CreateSolidBrush (color=0x0) returned 0x4810081f [0197.639] FillRect (hDC=0x1f010821, lprc=0x29cac8, hbr=0x4810081f) returned 1 [0197.639] DeleteObject (ho=0x4810081f) returned 1 [0197.639] RestoreDC (hdc=0x1f010821, nSavedDC=-1) returned 1 [0197.640] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0197.640] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0197.640] GetSystemMetrics (nIndex=42) returned 0 [0197.640] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0197.640] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0197.640] RestoreDC (hdc=0x1f010821, nSavedDC=-1) returned 1 [0197.640] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1f010821) returned 0x0 [0197.640] IsAppThemed () returned 0x1 [0197.640] GetThemeAppProperties () returned 0x3 [0197.640] GetThemeAppProperties () returned 0x3 [0197.640] IsAppThemed () returned 0x1 [0197.640] GetThemeAppProperties () returned 0x3 [0197.640] GetThemeAppProperties () returned 0x3 [0197.640] IsThemePartDefined () returned 0x1 [0197.640] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0197.640] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0197.640] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0197.640] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0197.640] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0197.640] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0197.640] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0197.640] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0197.640] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0197.640] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0197.662] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0197.673] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0197.673] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d590) returned 0x0 [0197.673] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d550) returned 0x0 [0197.673] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d550) returned 0x0 [0197.673] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0197.673] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d598) returned 0x0 [0197.673] GetCurrentObject (hdc=0x1f010821, type=0x1) returned 0x1b00017 [0197.673] GetCurrentObject (hdc=0x1f010821, type=0x2) returned 0x1900010 [0197.673] GetCurrentObject (hdc=0x1f010821, type=0x7) returned 0xa05082d [0197.673] GetCurrentObject (hdc=0x1f010821, type=0x6) returned 0x18a002e [0197.673] SaveDC (hdc=0x1f010821) returned 1 [0197.673] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff9c040228 [0197.673] GetClipRgn (hdc=0x1f010821, hrgn=0xffffffff9c040228) returned 0 [0197.673] SelectClipRgn (hdc=0x1f010821, hrgn=0x4d040812) returned 2 [0197.674] DeleteObject (ho=0xffffffff9c040228) returned 1 [0197.674] DeleteObject (ho=0x4d040812) returned 1 [0197.674] OffsetViewportOrgEx (in: hdc=0x1f010821, x=0, y=0, lppt=0x22995a0 | out: lppt=0x22995a0) returned 1 [0197.674] IsAppThemed () returned 0x1 [0197.674] GetThemeAppProperties () returned 0x3 [0197.701] GetThemeAppProperties () returned 0x3 [0197.701] DrawThemeBackground () returned 0x0 [0197.701] RestoreDC (hdc=0x1f010821, nSavedDC=-1) returned 1 [0197.701] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1f010821) returned 0x0 [0197.701] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0197.702] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0197.702] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0197.702] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0197.702] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0197.702] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0197.702] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0197.771] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0197.771] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0197.771] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0197.771] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0197.771] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0197.771] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d580) returned 0x0 [0197.771] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d540) returned 0x0 [0197.771] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d540) returned 0x0 [0197.771] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0197.771] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d588) returned 0x0 [0197.771] GetCurrentObject (hdc=0x1f010821, type=0x1) returned 0x1b00017 [0197.771] GetCurrentObject (hdc=0x1f010821, type=0x2) returned 0x1900010 [0197.771] GetCurrentObject (hdc=0x1f010821, type=0x7) returned 0xa05082d [0197.771] GetCurrentObject (hdc=0x1f010821, type=0x6) returned 0x18a002e [0197.771] SaveDC (hdc=0x1f010821) returned 1 [0197.771] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x4e040812 [0197.771] GetClipRgn (hdc=0x1f010821, hrgn=0x4e040812) returned 0 [0197.771] SelectClipRgn (hdc=0x1f010821, hrgn=0xffffffff9d040228) returned 2 [0197.771] DeleteObject (ho=0x4e040812) returned 1 [0197.771] DeleteObject (ho=0xffffffff9d040228) returned 1 [0197.771] OffsetViewportOrgEx (in: hdc=0x1f010821, x=0, y=0, lppt=0x2299a78 | out: lppt=0x2299a78) returned 1 [0197.771] IsAppThemed () returned 0x1 [0197.772] GetThemeAppProperties () returned 0x3 [0197.772] GetThemeAppProperties () returned 0x3 [0197.772] GetThemeBackgroundContentRect () returned 0x0 [0197.772] RestoreDC (hdc=0x1f010821, nSavedDC=-1) returned 1 [0197.772] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1f010821) returned 0x0 [0197.772] IsAppThemed () returned 0x1 [0197.772] GetThemeAppProperties () returned 0x3 [0197.772] GetThemeAppProperties () returned 0x3 [0197.772] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29d768) returned 0x0 [0197.772] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d748) returned 0x0 [0197.772] GetCurrentObject (hdc=0x1f010821, type=0x1) returned 0x1b00017 [0197.772] GetCurrentObject (hdc=0x1f010821, type=0x2) returned 0x1900010 [0197.772] GetCurrentObject (hdc=0x1f010821, type=0x7) returned 0xa05082d [0197.772] GetCurrentObject (hdc=0x1f010821, type=0x6) returned 0x18a002e [0197.772] SaveDC (hdc=0x1f010821) returned 1 [0197.772] GetTextAlign (hdc=0x1f010821) returned 0x0 [0197.772] GetTextColor (hdc=0x1f010821) returned 0x0 [0197.772] SetTextColor (hdc=0x1f010821, color=0x8b) returned 0x0 [0197.772] GetCurrentObject (hdc=0x1f010821, type=0x6) returned 0x18a002e [0197.772] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0197.772] SelectObject (hdc=0x1f010821, h=0x90a0819) returned 0x18a002e [0197.772] GetBkMode (hdc=0x1f010821) returned 2 [0197.772] SetBkMode (hdc=0x1f010821, mode=1) returned 2 [0197.772] DrawTextExW (in: hdc=0x1f010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x229a100 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0197.773] DrawTextExW (in: hdc=0x1f010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x229a100 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0197.773] RestoreDC (hdc=0x1f010821, nSavedDC=-1) returned 1 [0197.773] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1f010821) returned 0x0 [0197.773] GetFocus () returned 0x201ba [0197.773] IsAppThemed () returned 0x1 [0197.773] GetThemeAppProperties () returned 0x3 [0197.773] GetThemeAppProperties () returned 0x3 [0197.773] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29da58) returned 0x0 [0197.773] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x1f010821, x1=0, y1=0, rop=0xcc0020) returned 1 [0197.773] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1f010821) returned 0x0 [0197.773] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0197.773] SelectObject (hdc=0x1f010821, h=0x185000f) returned 0xa05082d [0197.773] DeleteDC (hdc=0x1f010821) returned 1 [0197.773] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0197.773] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0197.773] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x229a268, cPoints=0x1 | out: lpPoints=0x229a268) returned 22938228 [0197.773] WindowFromPoint (Point=0x171000002a6) returned 0x201ba [0197.773] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a6) returned 0x1 [0197.774] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0197.774] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0197.774] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0197.774] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0197.774] GetSystemMetrics (nIndex=42) returned 0 [0197.774] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9ad9c0 [0197.774] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9ad9c0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0197.774] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9ad9c0) returned 0x158 [0197.774] CoTaskMemFree (pv=0x1a9ad9c0) [0197.774] OleSetClipboard (pDataObj=0x2df628) returned 0x0 [0197.788] OleFlushClipboard () returned 0x0 [0197.788] GlobalReAlloc (hMem=0x1bee00e8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00e8 [0197.788] GlobalLock (hMem=0x1bee00e8) returned 0x1a9ad6e0 [0197.788] RtlMoveMemory (in: Destination=0x1a9ad6e0, Source=0x229b150, Length=0x2b0 | out: Destination=0x1a9ad6e0) [0197.788] GlobalUnlock (hMem=0x1bee00e8) returned 0 [0197.792] GetCapture () returned 0x201ba [0197.792] ReleaseCapture () returned 1 [0197.792] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0197.792] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0197.792] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0197.792] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0197.792] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0197.792] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a6) returned 0x1 [0197.792] IsWindowUnicode (hWnd=0x201ba) returned 1 [0197.792] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0197.792] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a6) returned 0x1 [0197.793] SetCursor (hCursor=0x10003) returned 0x10003 [0197.793] TranslateMessage (lpMsg=0x29ea50) returned 0 [0197.793] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0197.793] GetKeyState (nVirtKey=1) returned 1 [0197.793] GetKeyState (nVirtKey=2) returned 0 [0197.793] GetKeyState (nVirtKey=4) returned 0 [0197.793] GetKeyState (nVirtKey=5) returned 0 [0197.793] GetKeyState (nVirtKey=6) returned 0 [0197.793] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0197.793] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0197.793] WaitMessage () returned 1 [0200.365] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0200.365] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17202b7) returned 0x1 [0200.400] IsWindowUnicode (hWnd=0x201ba) returned 1 [0200.400] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0200.400] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17202b7) returned 0x1 [0200.464] SetCursor (hCursor=0x10003) returned 0x10003 [0200.493] TranslateMessage (lpMsg=0x29ea50) returned 0 [0200.493] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0200.493] GetKeyState (nVirtKey=1) returned 1 [0200.493] GetKeyState (nVirtKey=2) returned 0 [0200.493] GetKeyState (nVirtKey=4) returned 0 [0200.493] GetKeyState (nVirtKey=5) returned 0 [0200.493] GetKeyState (nVirtKey=6) returned 0 [0200.493] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0200.493] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17202b7) returned 0x1 [0200.493] IsWindowUnicode (hWnd=0x201ba) returned 1 [0200.493] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0200.493] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17202b7) returned 0x1 [0200.493] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0200.493] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xc50153) returned 0x0 [0200.493] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0200.493] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0200.494] SetCursor (hCursor=0x10003) returned 0x10003 [0200.494] TranslateMessage (lpMsg=0x29ea50) returned 0 [0200.494] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0200.494] GetKeyState (nVirtKey=1) returned -128 [0200.494] GetKeyState (nVirtKey=2) returned 0 [0200.494] GetKeyState (nVirtKey=4) returned 0 [0200.494] GetKeyState (nVirtKey=5) returned 0 [0200.494] GetKeyState (nVirtKey=6) returned 0 [0200.494] IsWindowVisible (hWnd=0x201ba) returned 1 [0200.494] IsWindowEnabled (hWnd=0x201ba) returned 1 [0200.494] SetFocus (hWnd=0x201ba) returned 0x201ba [0200.494] GetFocus () returned 0x201ba [0200.494] GetFocus () returned 0x201ba [0200.494] GetFocus () returned 0x201ba [0200.494] GetKeyState (nVirtKey=1) returned -128 [0200.494] GetKeyState (nVirtKey=2) returned 0 [0200.494] GetKeyState (nVirtKey=4) returned 0 [0200.494] GetKeyState (nVirtKey=5) returned 0 [0200.494] GetKeyState (nVirtKey=6) returned 0 [0200.494] GetCapture () returned 0x0 [0200.494] SetCapture (hWnd=0x201ba) returned 0x0 [0200.494] GetKeyState (nVirtKey=1) returned -128 [0200.494] GetKeyState (nVirtKey=2) returned 0 [0200.494] GetKeyState (nVirtKey=4) returned 0 [0200.494] GetKeyState (nVirtKey=5) returned 0 [0200.494] GetKeyState (nVirtKey=6) returned 0 [0200.494] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0200.494] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0200.494] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0200.494] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0200.494] TranslateMessage (lpMsg=0x29ea50) returned 0 [0200.494] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0200.494] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0200.494] IsWindowUnicode (hWnd=0x201ba) returned 1 [0200.494] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0200.494] TranslateMessage (lpMsg=0x29ea50) returned 0 [0200.494] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0200.494] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x229b4f8, cPoints=0x1 | out: lpPoints=0x229b4f8) returned 22938228 [0200.494] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0200.494] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0200.494] UpdateWindow (hWnd=0x201ba) returned 1 [0200.495] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0200.495] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0200.495] CreateCompatibleDC (hdc=0x501080c) returned 0x20010821 [0200.495] SelectObject (hdc=0x20010821, h=0xa05082d) returned 0x185000f [0200.495] GdipCreateFromHDC (hdc=0x20010821, graphics=0x29da18) returned 0x0 [0200.495] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0200.495] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0200.495] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0200.495] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0200.495] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0200.495] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0200.495] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0200.495] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0200.495] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0200.495] GdipCreateRegion (region=0x29da40) returned 0x0 [0200.495] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0200.495] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0200.495] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0200.495] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd920dbd) returned 0x0 [0200.495] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0200.496] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0200.496] GetCurrentObject (hdc=0x20010821, type=0x1) returned 0x1b00017 [0200.496] GetCurrentObject (hdc=0x20010821, type=0x2) returned 0x1900010 [0200.496] GetCurrentObject (hdc=0x20010821, type=0x7) returned 0xa05082d [0200.496] GetCurrentObject (hdc=0x20010821, type=0x6) returned 0x18a002e [0200.496] SaveDC (hdc=0x20010821) returned 1 [0200.496] GetNearestColor (hdc=0x20010821, color=0x0) returned 0x0 [0200.496] GetNearestColor (hdc=0x20010821, color=0x0) returned 0x0 [0200.496] GetNearestColor (hdc=0x20010821, color=0x0) returned 0x0 [0200.496] GetNearestColor (hdc=0x20010821, color=0x989898) returned 0x989898 [0200.496] GetNearestColor (hdc=0x20010821, color=0x8b) returned 0x8b [0200.496] GetNearestColor (hdc=0x20010821, color=0x7f7f7f) returned 0x7f7f7f [0200.496] GetNearestColor (hdc=0x20010821, color=0x989898) returned 0x989898 [0200.496] GetNearestColor (hdc=0x20010821, color=0x0) returned 0x0 [0200.496] GetNearestColor (hdc=0x20010821, color=0x8b) returned 0x8b [0200.496] RestoreDC (hdc=0x20010821, nSavedDC=-1) returned 1 [0200.496] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x20010821) returned 0x0 [0200.496] IsAppThemed () returned 0x1 [0200.496] GetThemeAppProperties () returned 0x3 [0200.496] GetThemeAppProperties () returned 0x3 [0200.496] IsAppThemed () returned 0x1 [0200.496] GetThemeAppProperties () returned 0x3 [0200.496] GetThemeAppProperties () returned 0x3 [0200.496] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x229c0d0 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0200.497] IsAppThemed () returned 0x1 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] IsAppThemed () returned 0x1 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] IsAppThemed () returned 0x1 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] IsAppThemed () returned 0x1 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] IsThemePartDefined () returned 0x1 [0200.497] IsAppThemed () returned 0x1 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0200.497] IsAppThemed () returned 0x1 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] IsAppThemed () returned 0x1 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] GetThemeAppProperties () returned 0x3 [0200.497] IsThemePartDefined () returned 0x1 [0200.497] GdipCreateRegion (region=0x29d520) returned 0x0 [0200.497] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0200.497] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0200.497] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0200.497] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0200.497] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0200.497] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0200.497] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0200.497] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0200.497] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0200.497] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0200.498] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0200.498] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0200.498] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0200.498] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0200.498] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0200.498] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0200.498] GetCurrentObject (hdc=0x20010821, type=0x1) returned 0x1b00017 [0200.498] GetCurrentObject (hdc=0x20010821, type=0x2) returned 0x1900010 [0200.498] GetCurrentObject (hdc=0x20010821, type=0x7) returned 0xa05082d [0200.498] GetCurrentObject (hdc=0x20010821, type=0x6) returned 0x18a002e [0200.498] SaveDC (hdc=0x20010821) returned 1 [0200.498] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff9e040228 [0200.498] GetClipRgn (hdc=0x20010821, hrgn=0xffffffff9e040228) returned 0 [0200.498] SelectClipRgn (hdc=0x20010821, hrgn=0x52040812) returned 2 [0200.498] DeleteObject (ho=0xffffffff9e040228) returned 1 [0200.498] DeleteObject (ho=0x52040812) returned 1 [0200.498] OffsetViewportOrgEx (in: hdc=0x20010821, x=0, y=0, lppt=0x229cab8 | out: lppt=0x229cab8) returned 1 [0200.498] DrawThemeParentBackground () returned 0x0 [0200.498] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0200.498] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0200.498] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0200.498] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0200.498] GetSystemMetrics (nIndex=42) returned 0 [0200.498] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0200.498] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0200.499] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0200.499] GetCurrentObject (hdc=0x20010821, type=0x1) returned 0x1b00017 [0200.499] GetCurrentObject (hdc=0x20010821, type=0x2) returned 0x1900010 [0200.499] GetCurrentObject (hdc=0x20010821, type=0x7) returned 0xa05082d [0200.499] GetCurrentObject (hdc=0x20010821, type=0x6) returned 0x18a002e [0200.499] SaveDC (hdc=0x20010821) returned 2 [0200.499] GetNearestColor (hdc=0x20010821, color=0x0) returned 0x0 [0200.499] CreateSolidBrush (color=0x0) returned 0x4910081f [0200.499] FillRect (hDC=0x20010821, lprc=0x29cb98, hbr=0x4910081f) returned 1 [0200.499] DeleteObject (ho=0x4910081f) returned 1 [0200.499] RestoreDC (hdc=0x20010821, nSavedDC=-1) returned 1 [0200.499] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0200.499] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0200.499] GetSystemMetrics (nIndex=42) returned 0 [0200.499] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0200.499] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0200.499] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0200.499] GetCurrentObject (hdc=0x20010821, type=0x1) returned 0x1b00017 [0200.499] GetCurrentObject (hdc=0x20010821, type=0x2) returned 0x1900010 [0200.499] GetCurrentObject (hdc=0x20010821, type=0x7) returned 0xa05082d [0200.499] GetCurrentObject (hdc=0x20010821, type=0x6) returned 0x18a002e [0200.499] SaveDC (hdc=0x20010821) returned 2 [0200.499] GetNearestColor (hdc=0x20010821, color=0x0) returned 0x0 [0200.500] CreateSolidBrush (color=0x0) returned 0x4a10081f [0200.500] FillRect (hDC=0x20010821, lprc=0x29cac8, hbr=0x4a10081f) returned 1 [0200.500] DeleteObject (ho=0x4a10081f) returned 1 [0200.500] RestoreDC (hdc=0x20010821, nSavedDC=-1) returned 1 [0200.500] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0200.500] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0200.500] GetSystemMetrics (nIndex=42) returned 0 [0200.500] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0200.500] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0200.500] RestoreDC (hdc=0x20010821, nSavedDC=-1) returned 1 [0200.500] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x20010821) returned 0x0 [0200.500] IsAppThemed () returned 0x1 [0200.500] GetThemeAppProperties () returned 0x3 [0200.500] GetThemeAppProperties () returned 0x3 [0200.500] IsAppThemed () returned 0x1 [0200.500] GetThemeAppProperties () returned 0x3 [0200.500] GetThemeAppProperties () returned 0x3 [0200.500] IsThemePartDefined () returned 0x1 [0200.500] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0200.500] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0200.500] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0200.500] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0200.500] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0200.500] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0200.500] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0200.500] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0200.500] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0200.500] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0200.500] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0200.501] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0200.501] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0200.501] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0200.501] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0200.501] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0200.501] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0200.501] GetCurrentObject (hdc=0x20010821, type=0x1) returned 0x1b00017 [0200.501] GetCurrentObject (hdc=0x20010821, type=0x2) returned 0x1900010 [0200.501] GetCurrentObject (hdc=0x20010821, type=0x7) returned 0xa05082d [0200.501] GetCurrentObject (hdc=0x20010821, type=0x6) returned 0x18a002e [0200.501] SaveDC (hdc=0x20010821) returned 1 [0200.501] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x53040812 [0200.501] GetClipRgn (hdc=0x20010821, hrgn=0x53040812) returned 0 [0200.501] SelectClipRgn (hdc=0x20010821, hrgn=0xffffffffa0040228) returned 2 [0200.501] DeleteObject (ho=0x53040812) returned 1 [0200.501] DeleteObject (ho=0xffffffffa0040228) returned 1 [0200.501] OffsetViewportOrgEx (in: hdc=0x20010821, x=0, y=0, lppt=0x229dbc0 | out: lppt=0x229dbc0) returned 1 [0200.501] IsAppThemed () returned 0x1 [0200.501] GetThemeAppProperties () returned 0x3 [0200.501] GetThemeAppProperties () returned 0x3 [0200.501] DrawThemeBackground () returned 0x0 [0200.501] RestoreDC (hdc=0x20010821, nSavedDC=-1) returned 1 [0200.501] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x20010821) returned 0x0 [0200.501] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0200.501] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0200.502] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0200.502] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0200.502] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0200.502] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0200.502] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0200.502] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0200.502] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0200.502] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0200.502] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0200.502] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0200.502] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0200.502] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0200.502] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0200.502] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0200.502] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0200.502] GetCurrentObject (hdc=0x20010821, type=0x1) returned 0x1b00017 [0200.502] GetCurrentObject (hdc=0x20010821, type=0x2) returned 0x1900010 [0200.502] GetCurrentObject (hdc=0x20010821, type=0x7) returned 0xa05082d [0200.502] GetCurrentObject (hdc=0x20010821, type=0x6) returned 0x18a002e [0200.502] SaveDC (hdc=0x20010821) returned 1 [0200.502] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffa1040228 [0200.502] GetClipRgn (hdc=0x20010821, hrgn=0xffffffffa1040228) returned 0 [0200.502] SelectClipRgn (hdc=0x20010821, hrgn=0x54040812) returned 2 [0200.502] DeleteObject (ho=0xffffffffa1040228) returned 1 [0200.502] DeleteObject (ho=0x54040812) returned 1 [0200.502] OffsetViewportOrgEx (in: hdc=0x20010821, x=0, y=0, lppt=0x229e098 | out: lppt=0x229e098) returned 1 [0200.503] IsAppThemed () returned 0x1 [0200.503] GetThemeAppProperties () returned 0x3 [0200.503] GetThemeAppProperties () returned 0x3 [0200.503] GetThemeBackgroundContentRect () returned 0x0 [0200.503] RestoreDC (hdc=0x20010821, nSavedDC=-1) returned 1 [0200.503] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x20010821) returned 0x0 [0200.503] IsAppThemed () returned 0x1 [0200.503] GetThemeAppProperties () returned 0x3 [0200.503] GetThemeAppProperties () returned 0x3 [0200.503] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0200.503] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0200.503] GetCurrentObject (hdc=0x20010821, type=0x1) returned 0x1b00017 [0200.503] GetCurrentObject (hdc=0x20010821, type=0x2) returned 0x1900010 [0200.503] GetCurrentObject (hdc=0x20010821, type=0x7) returned 0xa05082d [0200.503] GetCurrentObject (hdc=0x20010821, type=0x6) returned 0x18a002e [0200.503] SaveDC (hdc=0x20010821) returned 1 [0200.503] GetTextAlign (hdc=0x20010821) returned 0x0 [0200.503] GetTextColor (hdc=0x20010821) returned 0x0 [0200.503] SetTextColor (hdc=0x20010821, color=0x8b) returned 0x0 [0200.503] GetCurrentObject (hdc=0x20010821, type=0x6) returned 0x18a002e [0200.503] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0200.503] SelectObject (hdc=0x20010821, h=0x90a0819) returned 0x18a002e [0200.503] GetBkMode (hdc=0x20010821) returned 2 [0200.503] SetBkMode (hdc=0x20010821, mode=1) returned 2 [0200.504] DrawTextExW (in: hdc=0x20010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x229e720 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0200.504] DrawTextExW (in: hdc=0x20010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x229e720 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0200.504] RestoreDC (hdc=0x20010821, nSavedDC=-1) returned 1 [0200.504] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x20010821) returned 0x0 [0200.504] GetFocus () returned 0x201ba [0200.504] IsAppThemed () returned 0x1 [0200.504] GetThemeAppProperties () returned 0x3 [0200.504] GetThemeAppProperties () returned 0x3 [0200.504] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0200.504] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x20010821, x1=0, y1=0, rop=0xcc0020) returned 1 [0200.504] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x20010821) returned 0x0 [0200.504] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0200.504] SelectObject (hdc=0x20010821, h=0x185000f) returned 0xa05082d [0200.504] DeleteDC (hdc=0x20010821) returned 1 [0200.504] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0200.504] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0200.505] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x229e888, cPoints=0x1 | out: lpPoints=0x229e888) returned 22938228 [0200.505] WindowFromPoint (Point=0x172000002b7) returned 0x201ba [0200.505] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17202b7) returned 0x1 [0200.505] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0200.505] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0200.505] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0200.505] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0200.505] GetSystemMetrics (nIndex=42) returned 0 [0200.505] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9ad9c0 [0200.505] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9ad9c0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0200.505] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9ad9c0) returned 0x158 [0200.506] CoTaskMemFree (pv=0x1a9ad9c0) [0200.506] OleSetClipboard (pDataObj=0x2df528) returned 0x0 [0200.569] OleFlushClipboard () returned 0x0 [0200.569] GlobalReAlloc (hMem=0x1bee00b8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00b8 [0200.569] GlobalLock (hMem=0x1bee00b8) returned 0x1a9ad6e0 [0200.569] RtlMoveMemory (in: Destination=0x1a9ad6e0, Source=0x229f770, Length=0x2b0 | out: Destination=0x1a9ad6e0) [0200.569] GlobalUnlock (hMem=0x1bee00b8) returned 0 [0200.570] GetCapture () returned 0x201ba [0200.570] ReleaseCapture () returned 1 [0200.570] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0200.570] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0200.570] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0200.570] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0200.570] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0200.570] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17202b7) returned 0x1 [0200.571] IsWindowUnicode (hWnd=0x201ba) returned 1 [0200.571] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0200.571] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17202b7) returned 0x1 [0200.571] SetCursor (hCursor=0x10003) returned 0x10003 [0200.571] TranslateMessage (lpMsg=0x29ea50) returned 0 [0200.571] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0200.571] GetKeyState (nVirtKey=1) returned 0 [0200.571] GetKeyState (nVirtKey=2) returned 0 [0200.571] GetKeyState (nVirtKey=4) returned 0 [0200.571] GetKeyState (nVirtKey=5) returned 0 [0200.571] GetKeyState (nVirtKey=6) returned 0 [0200.571] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0200.571] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0200.571] WaitMessage () returned 1 [0203.552] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0203.579] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002c5) returned 0x1 [0203.597] IsWindowUnicode (hWnd=0x201ba) returned 1 [0203.597] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0203.601] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002c5) returned 0x1 [0203.794] SetCursor (hCursor=0x10003) returned 0x10003 [0203.794] TranslateMessage (lpMsg=0x29ea50) returned 0 [0203.794] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0203.794] GetKeyState (nVirtKey=1) returned 0 [0203.794] GetKeyState (nVirtKey=2) returned 0 [0203.794] GetKeyState (nVirtKey=4) returned 0 [0203.794] GetKeyState (nVirtKey=5) returned 0 [0203.794] GetKeyState (nVirtKey=6) returned 0 [0203.794] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0203.794] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002c5) returned 0x1 [0203.795] IsWindowUnicode (hWnd=0x201ba) returned 1 [0203.795] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0203.795] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002c5) returned 0x1 [0203.795] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0203.795] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xc30161) returned 0x0 [0203.795] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0203.795] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0203.795] SetCursor (hCursor=0x10003) returned 0x10003 [0203.795] TranslateMessage (lpMsg=0x29ea50) returned 0 [0203.795] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0203.795] GetKeyState (nVirtKey=1) returned -127 [0203.795] GetKeyState (nVirtKey=2) returned 0 [0203.795] GetKeyState (nVirtKey=4) returned 0 [0203.795] GetKeyState (nVirtKey=5) returned 0 [0203.795] GetKeyState (nVirtKey=6) returned 0 [0203.795] IsWindowVisible (hWnd=0x201ba) returned 1 [0203.795] IsWindowEnabled (hWnd=0x201ba) returned 1 [0203.795] SetFocus (hWnd=0x201ba) returned 0x201ba [0203.795] GetFocus () returned 0x201ba [0203.795] GetFocus () returned 0x201ba [0203.795] GetFocus () returned 0x201ba [0203.795] GetKeyState (nVirtKey=1) returned -127 [0203.795] GetKeyState (nVirtKey=2) returned 0 [0203.795] GetKeyState (nVirtKey=4) returned 0 [0203.795] GetKeyState (nVirtKey=5) returned 0 [0203.796] GetKeyState (nVirtKey=6) returned 0 [0203.796] GetCapture () returned 0x0 [0203.796] SetCapture (hWnd=0x201ba) returned 0x0 [0203.796] GetKeyState (nVirtKey=1) returned -127 [0203.796] GetKeyState (nVirtKey=2) returned 0 [0203.796] GetKeyState (nVirtKey=4) returned 0 [0203.796] GetKeyState (nVirtKey=5) returned 0 [0203.796] GetKeyState (nVirtKey=6) returned 0 [0203.796] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0203.796] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0203.796] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0203.796] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0203.796] TranslateMessage (lpMsg=0x29ea50) returned 0 [0203.796] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0203.796] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0203.796] IsWindowUnicode (hWnd=0x201ba) returned 1 [0203.796] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0203.796] TranslateMessage (lpMsg=0x29ea50) returned 0 [0203.796] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0203.796] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x229fb18, cPoints=0x1 | out: lpPoints=0x229fb18) returned 22938228 [0203.796] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0203.796] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0203.796] UpdateWindow (hWnd=0x201ba) returned 1 [0203.796] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0203.796] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0203.796] CreateCompatibleDC (hdc=0x501080c) returned 0x21010821 [0203.797] SelectObject (hdc=0x21010821, h=0xa05082d) returned 0x185000f [0203.797] GdipCreateFromHDC (hdc=0x21010821, graphics=0x29da18) returned 0x0 [0203.797] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0203.797] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0203.797] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0203.797] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0203.797] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0203.797] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0203.797] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0203.797] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0203.797] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0203.797] GdipCreateRegion (region=0x29da40) returned 0x0 [0203.797] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0203.797] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29daa0) returned 0x0 [0203.797] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29db40) returned 0x0 [0203.797] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd900dbd) returned 0x0 [0203.797] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0203.797] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d7b8) returned 0x0 [0203.797] GetCurrentObject (hdc=0x21010821, type=0x1) returned 0x1b00017 [0203.798] GetCurrentObject (hdc=0x21010821, type=0x2) returned 0x1900010 [0203.798] GetCurrentObject (hdc=0x21010821, type=0x7) returned 0xa05082d [0203.798] GetCurrentObject (hdc=0x21010821, type=0x6) returned 0x18a002e [0203.798] SaveDC (hdc=0x21010821) returned 1 [0203.798] GetNearestColor (hdc=0x21010821, color=0x0) returned 0x0 [0203.798] GetNearestColor (hdc=0x21010821, color=0x0) returned 0x0 [0203.798] GetNearestColor (hdc=0x21010821, color=0x0) returned 0x0 [0203.798] GetNearestColor (hdc=0x21010821, color=0x989898) returned 0x989898 [0203.798] GetNearestColor (hdc=0x21010821, color=0x8b) returned 0x8b [0203.798] GetNearestColor (hdc=0x21010821, color=0x7f7f7f) returned 0x7f7f7f [0203.798] GetNearestColor (hdc=0x21010821, color=0x989898) returned 0x989898 [0203.798] GetNearestColor (hdc=0x21010821, color=0x0) returned 0x0 [0203.798] GetNearestColor (hdc=0x21010821, color=0x8b) returned 0x8b [0203.798] RestoreDC (hdc=0x21010821, nSavedDC=-1) returned 1 [0203.798] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x21010821) returned 0x0 [0203.798] IsAppThemed () returned 0x1 [0203.798] GetThemeAppProperties () returned 0x3 [0203.798] GetThemeAppProperties () returned 0x3 [0203.799] IsAppThemed () returned 0x1 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x22a06f0 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0203.799] IsAppThemed () returned 0x1 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] IsAppThemed () returned 0x1 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] IsAppThemed () returned 0x1 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] IsAppThemed () returned 0x1 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] IsThemePartDefined () returned 0x1 [0203.799] IsAppThemed () returned 0x1 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0203.799] IsAppThemed () returned 0x1 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] IsAppThemed () returned 0x1 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] GetThemeAppProperties () returned 0x3 [0203.799] IsThemePartDefined () returned 0x1 [0203.799] GdipCreateRegion (region=0x29d520) returned 0x0 [0203.800] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0203.800] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0203.800] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0203.800] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0203.800] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0203.800] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0203.800] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0203.800] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0203.800] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0203.800] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0203.800] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0203.800] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5f0) returned 0x0 [0203.800] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5b0) returned 0x0 [0203.800] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d5b0) returned 0x0 [0203.800] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0203.800] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d5f8) returned 0x0 [0203.800] GetCurrentObject (hdc=0x21010821, type=0x1) returned 0x1b00017 [0203.800] GetCurrentObject (hdc=0x21010821, type=0x2) returned 0x1900010 [0203.800] GetCurrentObject (hdc=0x21010821, type=0x7) returned 0xa05082d [0203.800] GetCurrentObject (hdc=0x21010821, type=0x6) returned 0x18a002e [0203.801] SaveDC (hdc=0x21010821) returned 1 [0203.801] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x55040812 [0203.801] GetClipRgn (hdc=0x21010821, hrgn=0x55040812) returned 0 [0203.801] SelectClipRgn (hdc=0x21010821, hrgn=0xffffffffa5040228) returned 2 [0203.801] DeleteObject (ho=0x55040812) returned 1 [0203.801] DeleteObject (ho=0xffffffffa5040228) returned 1 [0203.801] OffsetViewportOrgEx (in: hdc=0x21010821, x=0, y=0, lppt=0x22a10d8 | out: lppt=0x22a10d8) returned 1 [0203.801] DrawThemeParentBackground () returned 0x0 [0203.801] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0203.801] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0203.801] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0203.802] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0203.802] GetSystemMetrics (nIndex=42) returned 0 [0203.802] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0203.802] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0203.802] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0203.802] GetCurrentObject (hdc=0x21010821, type=0x1) returned 0x1b00017 [0203.802] GetCurrentObject (hdc=0x21010821, type=0x2) returned 0x1900010 [0203.802] GetCurrentObject (hdc=0x21010821, type=0x7) returned 0xa05082d [0203.802] GetCurrentObject (hdc=0x21010821, type=0x6) returned 0x18a002e [0203.802] SaveDC (hdc=0x21010821) returned 2 [0203.802] GetNearestColor (hdc=0x21010821, color=0x0) returned 0x0 [0203.802] CreateSolidBrush (color=0x0) returned 0x4b10081f [0203.802] FillRect (hDC=0x21010821, lprc=0x29cb98, hbr=0x4b10081f) returned 1 [0203.802] DeleteObject (ho=0x4b10081f) returned 1 [0203.802] RestoreDC (hdc=0x21010821, nSavedDC=-1) returned 1 [0203.802] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0203.802] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0203.802] GetSystemMetrics (nIndex=42) returned 0 [0203.802] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0203.803] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0203.803] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0203.803] GetCurrentObject (hdc=0x21010821, type=0x1) returned 0x1b00017 [0203.803] GetCurrentObject (hdc=0x21010821, type=0x2) returned 0x1900010 [0203.803] GetCurrentObject (hdc=0x21010821, type=0x7) returned 0xa05082d [0203.803] GetCurrentObject (hdc=0x21010821, type=0x6) returned 0x18a002e [0203.803] SaveDC (hdc=0x21010821) returned 2 [0203.803] GetNearestColor (hdc=0x21010821, color=0x0) returned 0x0 [0203.803] CreateSolidBrush (color=0x0) returned 0x4c10081f [0203.803] FillRect (hDC=0x21010821, lprc=0x29cac8, hbr=0x4c10081f) returned 1 [0203.803] DeleteObject (ho=0x4c10081f) returned 1 [0203.803] RestoreDC (hdc=0x21010821, nSavedDC=-1) returned 1 [0203.803] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0203.803] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0203.803] GetSystemMetrics (nIndex=42) returned 0 [0203.803] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0203.803] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0203.803] RestoreDC (hdc=0x21010821, nSavedDC=-1) returned 1 [0203.803] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x21010821) returned 0x0 [0203.803] IsAppThemed () returned 0x1 [0203.803] GetThemeAppProperties () returned 0x3 [0203.804] GetThemeAppProperties () returned 0x3 [0203.804] IsAppThemed () returned 0x1 [0203.804] GetThemeAppProperties () returned 0x3 [0203.804] GetThemeAppProperties () returned 0x3 [0203.804] IsThemePartDefined () returned 0x1 [0203.804] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0203.804] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0203.804] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0203.804] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0203.804] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0203.804] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0203.804] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0203.804] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0203.804] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0203.804] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0203.804] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0203.804] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0203.804] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d590) returned 0x0 [0203.804] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d550) returned 0x0 [0203.804] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d550) returned 0x0 [0203.804] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0203.804] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d598) returned 0x0 [0203.804] GetCurrentObject (hdc=0x21010821, type=0x1) returned 0x1b00017 [0203.804] GetCurrentObject (hdc=0x21010821, type=0x2) returned 0x1900010 [0203.804] GetCurrentObject (hdc=0x21010821, type=0x7) returned 0xa05082d [0203.804] GetCurrentObject (hdc=0x21010821, type=0x6) returned 0x18a002e [0203.804] SaveDC (hdc=0x21010821) returned 1 [0203.805] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffa6040228 [0203.805] GetClipRgn (hdc=0x21010821, hrgn=0xffffffffa6040228) returned 0 [0203.805] SelectClipRgn (hdc=0x21010821, hrgn=0x57040812) returned 2 [0203.805] DeleteObject (ho=0xffffffffa6040228) returned 1 [0203.805] DeleteObject (ho=0x57040812) returned 1 [0203.805] OffsetViewportOrgEx (in: hdc=0x21010821, x=0, y=0, lppt=0x22a21e0 | out: lppt=0x22a21e0) returned 1 [0203.805] IsAppThemed () returned 0x1 [0203.805] GetThemeAppProperties () returned 0x3 [0203.805] GetThemeAppProperties () returned 0x3 [0203.805] DrawThemeBackground () returned 0x0 [0203.805] RestoreDC (hdc=0x21010821, nSavedDC=-1) returned 1 [0203.805] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x21010821) returned 0x0 [0203.805] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0203.805] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0203.805] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0203.805] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0203.805] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0203.805] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0203.805] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0203.805] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0203.805] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0203.805] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0203.805] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0203.805] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0203.805] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d580) returned 0x0 [0203.805] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d540) returned 0x0 [0203.806] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d540) returned 0x0 [0203.806] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0203.806] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d588) returned 0x0 [0203.806] GetCurrentObject (hdc=0x21010821, type=0x1) returned 0x1b00017 [0203.806] GetCurrentObject (hdc=0x21010821, type=0x2) returned 0x1900010 [0203.806] GetCurrentObject (hdc=0x21010821, type=0x7) returned 0xa05082d [0203.806] GetCurrentObject (hdc=0x21010821, type=0x6) returned 0x18a002e [0203.806] SaveDC (hdc=0x21010821) returned 1 [0203.806] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x58040812 [0203.806] GetClipRgn (hdc=0x21010821, hrgn=0x58040812) returned 0 [0203.806] SelectClipRgn (hdc=0x21010821, hrgn=0xffffffffa7040228) returned 2 [0203.806] DeleteObject (ho=0x58040812) returned 1 [0203.806] DeleteObject (ho=0xffffffffa7040228) returned 1 [0203.806] OffsetViewportOrgEx (in: hdc=0x21010821, x=0, y=0, lppt=0x22a26b8 | out: lppt=0x22a26b8) returned 1 [0203.806] IsAppThemed () returned 0x1 [0203.806] GetThemeAppProperties () returned 0x3 [0203.806] GetThemeAppProperties () returned 0x3 [0203.806] GetThemeBackgroundContentRect () returned 0x0 [0203.806] RestoreDC (hdc=0x21010821, nSavedDC=-1) returned 1 [0203.806] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x21010821) returned 0x0 [0203.806] IsAppThemed () returned 0x1 [0203.806] GetThemeAppProperties () returned 0x3 [0203.806] GetThemeAppProperties () returned 0x3 [0203.806] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29d768) returned 0x0 [0203.806] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d748) returned 0x0 [0203.806] GetCurrentObject (hdc=0x21010821, type=0x1) returned 0x1b00017 [0203.807] GetCurrentObject (hdc=0x21010821, type=0x2) returned 0x1900010 [0203.807] GetCurrentObject (hdc=0x21010821, type=0x7) returned 0xa05082d [0203.807] GetCurrentObject (hdc=0x21010821, type=0x6) returned 0x18a002e [0203.807] SaveDC (hdc=0x21010821) returned 1 [0203.807] GetTextAlign (hdc=0x21010821) returned 0x0 [0203.807] GetTextColor (hdc=0x21010821) returned 0x0 [0203.807] SetTextColor (hdc=0x21010821, color=0x8b) returned 0x0 [0203.807] GetCurrentObject (hdc=0x21010821, type=0x6) returned 0x18a002e [0203.807] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0203.807] SelectObject (hdc=0x21010821, h=0x90a0819) returned 0x18a002e [0203.807] GetBkMode (hdc=0x21010821) returned 2 [0203.807] SetBkMode (hdc=0x21010821, mode=1) returned 2 [0203.807] DrawTextExW (in: hdc=0x21010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22a2d40 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0203.807] DrawTextExW (in: hdc=0x21010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22a2d40 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0203.807] RestoreDC (hdc=0x21010821, nSavedDC=-1) returned 1 [0203.807] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x21010821) returned 0x0 [0203.808] GetFocus () returned 0x201ba [0203.808] IsAppThemed () returned 0x1 [0203.808] GetThemeAppProperties () returned 0x3 [0203.808] GetThemeAppProperties () returned 0x3 [0203.808] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29da58) returned 0x0 [0203.808] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x21010821, x1=0, y1=0, rop=0xcc0020) returned 1 [0203.808] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x21010821) returned 0x0 [0203.808] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0203.808] SelectObject (hdc=0x21010821, h=0x185000f) returned 0xa05082d [0203.808] DeleteDC (hdc=0x21010821) returned 1 [0203.808] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0203.808] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0203.808] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22a2ea8, cPoints=0x1 | out: lpPoints=0x22a2ea8) returned 22938228 [0203.808] WindowFromPoint (Point=0x170000002c5) returned 0x201ba [0203.808] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002c5) returned 0x1 [0203.808] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0203.808] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0203.808] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0203.808] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0203.808] GetSystemMetrics (nIndex=42) returned 0 [0203.808] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9b0960 [0203.808] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9b0960, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0203.808] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9b0960) returned 0x158 [0203.809] CoTaskMemFree (pv=0x1a9b0960) [0203.823] OleSetClipboard (pDataObj=0x2df428) returned 0x0 [0203.830] OleFlushClipboard () returned 0x0 [0203.830] GlobalReAlloc (hMem=0x1bee00c8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00c8 [0203.830] GlobalLock (hMem=0x1bee00c8) returned 0x1a9ad6e0 [0203.830] RtlMoveMemory (in: Destination=0x1a9ad6e0, Source=0x22a3d90, Length=0x2b0 | out: Destination=0x1a9ad6e0) [0203.830] GlobalUnlock (hMem=0x1bee00c8) returned 0 [0203.831] GetCapture () returned 0x201ba [0203.831] ReleaseCapture () returned 1 [0203.831] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0203.831] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0203.832] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0203.832] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0203.832] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0203.832] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002c5) returned 0x1 [0203.832] IsWindowUnicode (hWnd=0x201ba) returned 1 [0203.832] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0203.832] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002c5) returned 0x1 [0203.832] SetCursor (hCursor=0x10003) returned 0x10003 [0203.832] TranslateMessage (lpMsg=0x29ea50) returned 0 [0203.832] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0203.832] GetKeyState (nVirtKey=1) returned 1 [0203.832] GetKeyState (nVirtKey=2) returned 0 [0203.832] GetKeyState (nVirtKey=4) returned 0 [0203.832] GetKeyState (nVirtKey=5) returned 0 [0203.832] GetKeyState (nVirtKey=6) returned 0 [0203.832] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0203.832] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0203.832] WaitMessage () returned 1 [0206.886] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0206.886] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a4) returned 0x1 [0206.886] IsWindowUnicode (hWnd=0x201ba) returned 1 [0206.886] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0206.886] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a4) returned 0x1 [0206.886] SetCursor (hCursor=0x10003) returned 0x10003 [0206.886] TranslateMessage (lpMsg=0x29ea50) returned 0 [0206.886] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0206.886] GetKeyState (nVirtKey=1) returned 1 [0206.886] GetKeyState (nVirtKey=2) returned 0 [0206.928] GetKeyState (nVirtKey=4) returned 0 [0206.928] GetKeyState (nVirtKey=5) returned 0 [0206.928] GetKeyState (nVirtKey=6) returned 0 [0206.928] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0206.928] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a4) returned 0x1 [0206.928] IsWindowUnicode (hWnd=0x201ba) returned 1 [0206.928] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0206.928] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a4) returned 0x1 [0206.969] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0206.969] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xc40140) returned 0x0 [0206.969] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0206.970] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0207.068] SetCursor (hCursor=0x10003) returned 0x10003 [0207.069] TranslateMessage (lpMsg=0x29ea50) returned 0 [0207.069] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0207.069] GetKeyState (nVirtKey=1) returned -128 [0207.069] GetKeyState (nVirtKey=2) returned 0 [0207.069] GetKeyState (nVirtKey=4) returned 0 [0207.069] GetKeyState (nVirtKey=5) returned 0 [0207.069] GetKeyState (nVirtKey=6) returned 0 [0207.069] IsWindowVisible (hWnd=0x201ba) returned 1 [0207.069] IsWindowEnabled (hWnd=0x201ba) returned 1 [0207.069] SetFocus (hWnd=0x201ba) returned 0x201ba [0207.069] GetFocus () returned 0x201ba [0207.069] GetFocus () returned 0x201ba [0207.069] GetFocus () returned 0x201ba [0207.069] GetKeyState (nVirtKey=1) returned -128 [0207.069] GetKeyState (nVirtKey=2) returned 0 [0207.069] GetKeyState (nVirtKey=4) returned 0 [0207.069] GetKeyState (nVirtKey=5) returned 0 [0207.069] GetKeyState (nVirtKey=6) returned 0 [0207.069] GetCapture () returned 0x0 [0207.069] SetCapture (hWnd=0x201ba) returned 0x0 [0207.069] GetKeyState (nVirtKey=1) returned -128 [0207.069] GetKeyState (nVirtKey=2) returned 0 [0207.069] GetKeyState (nVirtKey=4) returned 0 [0207.069] GetKeyState (nVirtKey=5) returned 0 [0207.069] GetKeyState (nVirtKey=6) returned 0 [0207.069] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0207.069] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0207.069] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0207.069] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0207.069] TranslateMessage (lpMsg=0x29ea50) returned 0 [0207.069] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0207.070] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0207.070] IsWindowUnicode (hWnd=0x201ba) returned 1 [0207.070] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0207.070] TranslateMessage (lpMsg=0x29ea50) returned 0 [0207.070] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0207.070] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22a4138, cPoints=0x1 | out: lpPoints=0x22a4138) returned 22938228 [0207.070] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0207.070] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0207.070] UpdateWindow (hWnd=0x201ba) returned 1 [0207.070] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0207.070] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0207.070] CreateCompatibleDC (hdc=0x501080c) returned 0x22010821 [0207.070] SelectObject (hdc=0x22010821, h=0xa05082d) returned 0x185000f [0207.070] GdipCreateFromHDC (hdc=0x22010821, graphics=0x29da18) returned 0x0 [0207.070] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0207.070] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0207.070] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0207.070] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0207.070] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0207.070] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0207.070] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0207.071] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0207.071] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0207.071] GdipCreateRegion (region=0x29da40) returned 0x0 [0207.071] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0207.071] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0207.071] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0207.071] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd8e0dbd) returned 0x0 [0207.071] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0207.071] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0207.071] GetCurrentObject (hdc=0x22010821, type=0x1) returned 0x1b00017 [0207.071] GetCurrentObject (hdc=0x22010821, type=0x2) returned 0x1900010 [0207.071] GetCurrentObject (hdc=0x22010821, type=0x7) returned 0xa05082d [0207.071] GetCurrentObject (hdc=0x22010821, type=0x6) returned 0x18a002e [0207.071] SaveDC (hdc=0x22010821) returned 1 [0207.071] GetNearestColor (hdc=0x22010821, color=0x0) returned 0x0 [0207.071] GetNearestColor (hdc=0x22010821, color=0x0) returned 0x0 [0207.071] GetNearestColor (hdc=0x22010821, color=0x0) returned 0x0 [0207.071] GetNearestColor (hdc=0x22010821, color=0x989898) returned 0x989898 [0207.071] GetNearestColor (hdc=0x22010821, color=0x8b) returned 0x8b [0207.072] GetNearestColor (hdc=0x22010821, color=0x7f7f7f) returned 0x7f7f7f [0207.072] GetNearestColor (hdc=0x22010821, color=0x989898) returned 0x989898 [0207.072] GetNearestColor (hdc=0x22010821, color=0x0) returned 0x0 [0207.072] GetNearestColor (hdc=0x22010821, color=0x8b) returned 0x8b [0207.072] RestoreDC (hdc=0x22010821, nSavedDC=-1) returned 1 [0207.072] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x22010821) returned 0x0 [0207.072] IsAppThemed () returned 0x1 [0207.072] GetThemeAppProperties () returned 0x3 [0207.072] GetThemeAppProperties () returned 0x3 [0207.072] IsAppThemed () returned 0x1 [0207.072] GetThemeAppProperties () returned 0x3 [0207.072] GetThemeAppProperties () returned 0x3 [0207.072] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x22a4d10 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0207.072] IsAppThemed () returned 0x1 [0207.072] GetThemeAppProperties () returned 0x3 [0207.072] GetThemeAppProperties () returned 0x3 [0207.072] IsAppThemed () returned 0x1 [0207.072] GetThemeAppProperties () returned 0x3 [0207.072] GetThemeAppProperties () returned 0x3 [0207.072] IsAppThemed () returned 0x1 [0207.072] GetThemeAppProperties () returned 0x3 [0207.072] GetThemeAppProperties () returned 0x3 [0207.073] IsAppThemed () returned 0x1 [0207.073] GetThemeAppProperties () returned 0x3 [0207.073] GetThemeAppProperties () returned 0x3 [0207.073] IsThemePartDefined () returned 0x1 [0207.073] IsAppThemed () returned 0x1 [0207.073] GetThemeAppProperties () returned 0x3 [0207.073] GetThemeAppProperties () returned 0x3 [0207.073] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0207.073] IsAppThemed () returned 0x1 [0207.073] GetThemeAppProperties () returned 0x3 [0207.073] GetThemeAppProperties () returned 0x3 [0207.073] IsAppThemed () returned 0x1 [0207.073] GetThemeAppProperties () returned 0x3 [0207.073] GetThemeAppProperties () returned 0x3 [0207.073] IsThemePartDefined () returned 0x1 [0207.073] GdipCreateRegion (region=0x29d520) returned 0x0 [0207.073] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0207.073] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0207.073] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0207.073] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0207.073] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0207.073] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0207.073] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0207.073] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0207.073] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0207.074] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0207.074] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0207.074] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0207.074] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0207.074] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0207.074] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0207.074] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0207.074] GetCurrentObject (hdc=0x22010821, type=0x1) returned 0x1b00017 [0207.074] GetCurrentObject (hdc=0x22010821, type=0x2) returned 0x1900010 [0207.074] GetCurrentObject (hdc=0x22010821, type=0x7) returned 0xa05082d [0207.074] GetCurrentObject (hdc=0x22010821, type=0x6) returned 0x18a002e [0207.074] SaveDC (hdc=0x22010821) returned 1 [0207.074] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffa8040228 [0207.074] GetClipRgn (hdc=0x22010821, hrgn=0xffffffffa8040228) returned 0 [0207.074] SelectClipRgn (hdc=0x22010821, hrgn=0x5c040812) returned 2 [0207.074] DeleteObject (ho=0xffffffffa8040228) returned 1 [0207.074] DeleteObject (ho=0x5c040812) returned 1 [0207.074] OffsetViewportOrgEx (in: hdc=0x22010821, x=0, y=0, lppt=0x22a56f8 | out: lppt=0x22a56f8) returned 1 [0207.074] DrawThemeParentBackground () returned 0x0 [0207.075] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0207.075] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0207.075] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0207.075] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0207.075] GetSystemMetrics (nIndex=42) returned 0 [0207.075] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0207.075] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0207.075] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0207.075] GetCurrentObject (hdc=0x22010821, type=0x1) returned 0x1b00017 [0207.075] GetCurrentObject (hdc=0x22010821, type=0x2) returned 0x1900010 [0207.075] GetCurrentObject (hdc=0x22010821, type=0x7) returned 0xa05082d [0207.075] GetCurrentObject (hdc=0x22010821, type=0x6) returned 0x18a002e [0207.075] SaveDC (hdc=0x22010821) returned 2 [0207.075] GetNearestColor (hdc=0x22010821, color=0x0) returned 0x0 [0207.075] CreateSolidBrush (color=0x0) returned 0x4d10081f [0207.075] FillRect (hDC=0x22010821, lprc=0x29cb98, hbr=0x4d10081f) returned 1 [0207.075] DeleteObject (ho=0x4d10081f) returned 1 [0207.075] RestoreDC (hdc=0x22010821, nSavedDC=-1) returned 1 [0207.076] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0207.076] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0207.076] GetSystemMetrics (nIndex=42) returned 0 [0207.076] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0207.076] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0207.076] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0207.076] GetCurrentObject (hdc=0x22010821, type=0x1) returned 0x1b00017 [0207.076] GetCurrentObject (hdc=0x22010821, type=0x2) returned 0x1900010 [0207.076] GetCurrentObject (hdc=0x22010821, type=0x7) returned 0xa05082d [0207.076] GetCurrentObject (hdc=0x22010821, type=0x6) returned 0x18a002e [0207.076] SaveDC (hdc=0x22010821) returned 2 [0207.076] GetNearestColor (hdc=0x22010821, color=0x0) returned 0x0 [0207.076] CreateSolidBrush (color=0x0) returned 0x4e10081f [0207.076] FillRect (hDC=0x22010821, lprc=0x29cac8, hbr=0x4e10081f) returned 1 [0207.076] DeleteObject (ho=0x4e10081f) returned 1 [0207.076] RestoreDC (hdc=0x22010821, nSavedDC=-1) returned 1 [0207.076] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0207.076] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0207.076] GetSystemMetrics (nIndex=42) returned 0 [0207.076] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0207.076] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0207.077] RestoreDC (hdc=0x22010821, nSavedDC=-1) returned 1 [0207.077] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x22010821) returned 0x0 [0207.077] IsAppThemed () returned 0x1 [0207.077] GetThemeAppProperties () returned 0x3 [0207.077] GetThemeAppProperties () returned 0x3 [0207.077] IsAppThemed () returned 0x1 [0207.077] GetThemeAppProperties () returned 0x3 [0207.077] GetThemeAppProperties () returned 0x3 [0207.077] IsThemePartDefined () returned 0x1 [0207.077] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0207.077] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0207.077] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0207.077] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0207.077] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0207.077] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0207.077] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0207.077] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0207.077] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0207.077] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0207.077] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0207.077] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0207.077] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0207.077] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0207.077] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0207.078] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0207.078] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0207.078] GetCurrentObject (hdc=0x22010821, type=0x1) returned 0x1b00017 [0207.078] GetCurrentObject (hdc=0x22010821, type=0x2) returned 0x1900010 [0207.078] GetCurrentObject (hdc=0x22010821, type=0x7) returned 0xa05082d [0207.078] GetCurrentObject (hdc=0x22010821, type=0x6) returned 0x18a002e [0207.078] SaveDC (hdc=0x22010821) returned 1 [0207.078] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5d040812 [0207.078] GetClipRgn (hdc=0x22010821, hrgn=0x5d040812) returned 0 [0207.078] SelectClipRgn (hdc=0x22010821, hrgn=0xffffffffaa040228) returned 2 [0207.078] DeleteObject (ho=0x5d040812) returned 1 [0207.078] DeleteObject (ho=0xffffffffaa040228) returned 1 [0207.078] OffsetViewportOrgEx (in: hdc=0x22010821, x=0, y=0, lppt=0x22a6800 | out: lppt=0x22a6800) returned 1 [0207.078] IsAppThemed () returned 0x1 [0207.078] GetThemeAppProperties () returned 0x3 [0207.078] GetThemeAppProperties () returned 0x3 [0207.078] DrawThemeBackground () returned 0x0 [0207.078] RestoreDC (hdc=0x22010821, nSavedDC=-1) returned 1 [0207.078] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x22010821) returned 0x0 [0207.078] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0207.079] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0207.079] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0207.079] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0207.079] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0207.079] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0207.079] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0207.079] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0207.079] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0207.079] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0207.079] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0207.079] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0207.079] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0207.079] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0207.079] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0207.079] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0207.079] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0207.079] GetCurrentObject (hdc=0x22010821, type=0x1) returned 0x1b00017 [0207.079] GetCurrentObject (hdc=0x22010821, type=0x2) returned 0x1900010 [0207.079] GetCurrentObject (hdc=0x22010821, type=0x7) returned 0xa05082d [0207.079] GetCurrentObject (hdc=0x22010821, type=0x6) returned 0x18a002e [0207.079] SaveDC (hdc=0x22010821) returned 1 [0207.080] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffab040228 [0207.080] GetClipRgn (hdc=0x22010821, hrgn=0xffffffffab040228) returned 0 [0207.080] SelectClipRgn (hdc=0x22010821, hrgn=0x5e040812) returned 2 [0207.080] DeleteObject (ho=0xffffffffab040228) returned 1 [0207.080] DeleteObject (ho=0x5e040812) returned 1 [0207.080] OffsetViewportOrgEx (in: hdc=0x22010821, x=0, y=0, lppt=0x22a6cd8 | out: lppt=0x22a6cd8) returned 1 [0207.080] IsAppThemed () returned 0x1 [0207.080] GetThemeAppProperties () returned 0x3 [0207.080] GetThemeAppProperties () returned 0x3 [0207.080] GetThemeBackgroundContentRect () returned 0x0 [0207.080] RestoreDC (hdc=0x22010821, nSavedDC=-1) returned 1 [0207.080] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x22010821) returned 0x0 [0207.080] IsAppThemed () returned 0x1 [0207.080] GetThemeAppProperties () returned 0x3 [0207.080] GetThemeAppProperties () returned 0x3 [0207.080] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0207.080] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0207.080] GetCurrentObject (hdc=0x22010821, type=0x1) returned 0x1b00017 [0207.080] GetCurrentObject (hdc=0x22010821, type=0x2) returned 0x1900010 [0207.080] GetCurrentObject (hdc=0x22010821, type=0x7) returned 0xa05082d [0207.080] GetCurrentObject (hdc=0x22010821, type=0x6) returned 0x18a002e [0207.080] SaveDC (hdc=0x22010821) returned 1 [0207.080] GetTextAlign (hdc=0x22010821) returned 0x0 [0207.081] GetTextColor (hdc=0x22010821) returned 0x0 [0207.081] SetTextColor (hdc=0x22010821, color=0x8b) returned 0x0 [0207.081] GetCurrentObject (hdc=0x22010821, type=0x6) returned 0x18a002e [0207.081] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0207.081] SelectObject (hdc=0x22010821, h=0x90a0819) returned 0x18a002e [0207.081] GetBkMode (hdc=0x22010821) returned 2 [0207.081] SetBkMode (hdc=0x22010821, mode=1) returned 2 [0207.081] DrawTextExW (in: hdc=0x22010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22a7360 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0207.081] DrawTextExW (in: hdc=0x22010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22a7360 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0207.081] RestoreDC (hdc=0x22010821, nSavedDC=-1) returned 1 [0207.081] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x22010821) returned 0x0 [0207.081] GetFocus () returned 0x201ba [0207.081] IsAppThemed () returned 0x1 [0207.081] GetThemeAppProperties () returned 0x3 [0207.081] GetThemeAppProperties () returned 0x3 [0207.082] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0207.082] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x22010821, x1=0, y1=0, rop=0xcc0020) returned 1 [0207.082] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x22010821) returned 0x0 [0207.082] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0207.082] SelectObject (hdc=0x22010821, h=0x185000f) returned 0xa05082d [0207.082] DeleteDC (hdc=0x22010821) returned 1 [0207.082] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0207.082] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0207.082] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22a74c8, cPoints=0x1 | out: lpPoints=0x22a74c8) returned 22938228 [0207.082] WindowFromPoint (Point=0x171000002a4) returned 0x201ba [0207.082] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a4) returned 0x1 [0207.082] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0207.082] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0207.082] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0207.082] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0207.082] GetSystemMetrics (nIndex=42) returned 0 [0207.082] CoTaskMemAlloc (cb=0x2b6) returned 0x1a99d6a0 [0207.082] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a99d6a0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0207.082] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a99d6a0) returned 0x158 [0207.083] CoTaskMemFree (pv=0x1a99d6a0) [0207.083] OleSetClipboard (pDataObj=0x2df328) returned 0x0 [0207.094] OleFlushClipboard () returned 0x0 [0207.094] GlobalReAlloc (hMem=0x1bee00d8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00d8 [0207.094] GlobalLock (hMem=0x1bee00d8) returned 0x1a9ad6e0 [0207.094] RtlMoveMemory (in: Destination=0x1a9ad6e0, Source=0x22a83b0, Length=0x2b0 | out: Destination=0x1a9ad6e0) [0207.094] GlobalUnlock (hMem=0x1bee00d8) returned 0 [0207.095] GetCapture () returned 0x201ba [0207.095] ReleaseCapture () returned 1 [0207.095] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0207.095] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0207.095] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a4) returned 0x1 [0207.095] IsWindowUnicode (hWnd=0x201ba) returned 1 [0207.096] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0207.096] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102a4) returned 0x1 [0207.096] SetCursor (hCursor=0x10003) returned 0x10003 [0207.096] TranslateMessage (lpMsg=0x29ea50) returned 0 [0207.096] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0207.096] GetKeyState (nVirtKey=1) returned 0 [0207.096] GetKeyState (nVirtKey=2) returned 0 [0207.096] GetKeyState (nVirtKey=4) returned 0 [0207.096] GetKeyState (nVirtKey=5) returned 0 [0207.096] GetKeyState (nVirtKey=6) returned 0 [0207.096] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0207.096] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0207.096] WaitMessage () returned 1 [0207.097] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0207.097] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0207.097] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0207.098] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0207.098] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0207.098] WaitMessage () returned 1 [0208.096] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0208.097] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0208.097] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0208.097] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0208.097] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0208.097] WaitMessage () returned 1 [0209.196] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0209.197] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0209.199] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0209.199] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0209.199] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0209.199] WaitMessage () returned 1 [0209.575] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0209.575] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16b02b8) returned 0x1 [0209.608] IsWindowUnicode (hWnd=0x201ba) returned 1 [0209.608] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0209.608] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16b02b8) returned 0x1 [0209.608] SetCursor (hCursor=0x10003) returned 0x10003 [0209.609] TranslateMessage (lpMsg=0x29ea50) returned 0 [0209.609] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0209.609] GetKeyState (nVirtKey=1) returned 0 [0209.609] GetKeyState (nVirtKey=2) returned 0 [0209.609] GetKeyState (nVirtKey=4) returned 0 [0209.609] GetKeyState (nVirtKey=5) returned 0 [0209.609] GetKeyState (nVirtKey=6) returned 0 [0209.609] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0209.609] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16b02b8) returned 0x1 [0209.609] IsWindowUnicode (hWnd=0x201ba) returned 1 [0209.609] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0209.609] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16b02b8) returned 0x1 [0209.609] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0209.609] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xbe0154) returned 0x0 [0209.609] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0209.609] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0209.609] SetCursor (hCursor=0x10003) returned 0x10003 [0209.609] TranslateMessage (lpMsg=0x29ea50) returned 0 [0209.609] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0209.609] GetKeyState (nVirtKey=1) returned -127 [0209.609] GetKeyState (nVirtKey=2) returned 0 [0209.609] GetKeyState (nVirtKey=4) returned 0 [0209.609] GetKeyState (nVirtKey=5) returned 0 [0209.609] GetKeyState (nVirtKey=6) returned 0 [0209.609] IsWindowVisible (hWnd=0x201ba) returned 1 [0209.609] IsWindowEnabled (hWnd=0x201ba) returned 1 [0209.609] SetFocus (hWnd=0x201ba) returned 0x201ba [0209.609] GetFocus () returned 0x201ba [0209.609] GetFocus () returned 0x201ba [0209.609] GetFocus () returned 0x201ba [0209.609] GetKeyState (nVirtKey=1) returned -127 [0209.609] GetKeyState (nVirtKey=2) returned 0 [0209.609] GetKeyState (nVirtKey=4) returned 0 [0209.609] GetKeyState (nVirtKey=5) returned 0 [0209.609] GetKeyState (nVirtKey=6) returned 0 [0209.609] GetCapture () returned 0x0 [0209.610] SetCapture (hWnd=0x201ba) returned 0x0 [0209.610] GetKeyState (nVirtKey=1) returned -127 [0209.610] GetKeyState (nVirtKey=2) returned 0 [0209.610] GetKeyState (nVirtKey=4) returned 0 [0209.610] GetKeyState (nVirtKey=5) returned 0 [0209.610] GetKeyState (nVirtKey=6) returned 0 [0209.610] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0209.610] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0209.610] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0209.610] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0209.610] TranslateMessage (lpMsg=0x29ea50) returned 0 [0209.610] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0209.610] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0209.610] IsWindowUnicode (hWnd=0x201ba) returned 1 [0209.610] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0209.610] TranslateMessage (lpMsg=0x29ea50) returned 0 [0209.610] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0209.610] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22a8800, cPoints=0x1 | out: lpPoints=0x22a8800) returned 22938228 [0209.610] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0209.610] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0209.610] UpdateWindow (hWnd=0x201ba) returned 1 [0209.610] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0209.610] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0209.610] CreateCompatibleDC (hdc=0x501080c) returned 0x23010821 [0209.610] SelectObject (hdc=0x23010821, h=0xa05082d) returned 0x185000f [0209.610] GdipCreateFromHDC (hdc=0x23010821, graphics=0x29da18) returned 0x0 [0209.610] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0209.610] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0209.610] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0209.610] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0209.610] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0209.610] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0209.611] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0209.611] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0209.611] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0209.611] GdipCreateRegion (region=0x29da40) returned 0x0 [0209.611] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0209.611] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29daa0) returned 0x0 [0209.611] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29db40) returned 0x0 [0209.611] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd8c0dbd) returned 0x0 [0209.611] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0209.611] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d7b8) returned 0x0 [0209.611] GetCurrentObject (hdc=0x23010821, type=0x1) returned 0x1b00017 [0209.611] GetCurrentObject (hdc=0x23010821, type=0x2) returned 0x1900010 [0209.611] GetCurrentObject (hdc=0x23010821, type=0x7) returned 0xa05082d [0209.611] GetCurrentObject (hdc=0x23010821, type=0x6) returned 0x18a002e [0209.611] SaveDC (hdc=0x23010821) returned 1 [0209.611] GetNearestColor (hdc=0x23010821, color=0x0) returned 0x0 [0209.611] GetNearestColor (hdc=0x23010821, color=0x0) returned 0x0 [0209.611] GetNearestColor (hdc=0x23010821, color=0x0) returned 0x0 [0209.611] GetNearestColor (hdc=0x23010821, color=0x989898) returned 0x989898 [0209.611] GetNearestColor (hdc=0x23010821, color=0x8b) returned 0x8b [0209.611] GetNearestColor (hdc=0x23010821, color=0x7f7f7f) returned 0x7f7f7f [0209.611] GetNearestColor (hdc=0x23010821, color=0x989898) returned 0x989898 [0209.611] GetNearestColor (hdc=0x23010821, color=0x0) returned 0x0 [0209.611] GetNearestColor (hdc=0x23010821, color=0x8b) returned 0x8b [0209.612] RestoreDC (hdc=0x23010821, nSavedDC=-1) returned 1 [0209.612] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x23010821) returned 0x0 [0209.612] IsAppThemed () returned 0x1 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] IsAppThemed () returned 0x1 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x22a93d8 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0209.612] IsAppThemed () returned 0x1 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] IsAppThemed () returned 0x1 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] IsAppThemed () returned 0x1 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] IsAppThemed () returned 0x1 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] IsThemePartDefined () returned 0x1 [0209.612] IsAppThemed () returned 0x1 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] GetThemeAppProperties () returned 0x3 [0209.612] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0209.613] IsAppThemed () returned 0x1 [0209.613] GetThemeAppProperties () returned 0x3 [0209.613] GetThemeAppProperties () returned 0x3 [0209.613] IsAppThemed () returned 0x1 [0209.613] GetThemeAppProperties () returned 0x3 [0209.613] GetThemeAppProperties () returned 0x3 [0209.613] IsThemePartDefined () returned 0x1 [0209.613] GdipCreateRegion (region=0x29d520) returned 0x0 [0209.613] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0209.613] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0209.613] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0209.613] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0209.613] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0209.613] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0209.613] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0209.613] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0209.613] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0209.613] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0209.613] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0209.613] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5f0) returned 0x0 [0209.613] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5b0) returned 0x0 [0209.613] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d5b0) returned 0x0 [0209.613] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0209.614] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d5f8) returned 0x0 [0209.614] GetCurrentObject (hdc=0x23010821, type=0x1) returned 0x1b00017 [0209.614] GetCurrentObject (hdc=0x23010821, type=0x2) returned 0x1900010 [0209.614] GetCurrentObject (hdc=0x23010821, type=0x7) returned 0xa05082d [0209.614] GetCurrentObject (hdc=0x23010821, type=0x6) returned 0x18a002e [0209.614] SaveDC (hdc=0x23010821) returned 1 [0209.614] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5f040812 [0209.614] GetClipRgn (hdc=0x23010821, hrgn=0x5f040812) returned 0 [0209.614] SelectClipRgn (hdc=0x23010821, hrgn=0xffffffffaf040228) returned 2 [0209.614] DeleteObject (ho=0x5f040812) returned 1 [0209.614] DeleteObject (ho=0xffffffffaf040228) returned 1 [0209.614] OffsetViewportOrgEx (in: hdc=0x23010821, x=0, y=0, lppt=0x22a9dc0 | out: lppt=0x22a9dc0) returned 1 [0209.614] DrawThemeParentBackground () returned 0x0 [0209.614] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0209.614] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0209.614] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0209.614] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0209.614] GetSystemMetrics (nIndex=42) returned 0 [0209.614] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0209.614] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0209.614] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0209.614] GetCurrentObject (hdc=0x23010821, type=0x1) returned 0x1b00017 [0209.614] GetCurrentObject (hdc=0x23010821, type=0x2) returned 0x1900010 [0209.615] GetCurrentObject (hdc=0x23010821, type=0x7) returned 0xa05082d [0209.615] GetCurrentObject (hdc=0x23010821, type=0x6) returned 0x18a002e [0209.615] SaveDC (hdc=0x23010821) returned 2 [0209.615] GetNearestColor (hdc=0x23010821, color=0x0) returned 0x0 [0209.615] CreateSolidBrush (color=0x0) returned 0x4f10081f [0209.615] FillRect (hDC=0x23010821, lprc=0x29cb98, hbr=0x4f10081f) returned 1 [0209.615] DeleteObject (ho=0x4f10081f) returned 1 [0209.615] RestoreDC (hdc=0x23010821, nSavedDC=-1) returned 1 [0209.615] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0209.615] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0209.615] GetSystemMetrics (nIndex=42) returned 0 [0209.615] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0209.615] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0209.615] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0209.616] GetCurrentObject (hdc=0x23010821, type=0x1) returned 0x1b00017 [0209.616] GetCurrentObject (hdc=0x23010821, type=0x2) returned 0x1900010 [0209.616] GetCurrentObject (hdc=0x23010821, type=0x7) returned 0xa05082d [0209.616] GetCurrentObject (hdc=0x23010821, type=0x6) returned 0x18a002e [0209.616] SaveDC (hdc=0x23010821) returned 2 [0209.616] GetNearestColor (hdc=0x23010821, color=0x0) returned 0x0 [0209.616] CreateSolidBrush (color=0x0) returned 0x5010081f [0209.616] FillRect (hDC=0x23010821, lprc=0x29cac8, hbr=0x5010081f) returned 1 [0209.616] DeleteObject (ho=0x5010081f) returned 1 [0209.616] RestoreDC (hdc=0x23010821, nSavedDC=-1) returned 1 [0209.616] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0209.616] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0209.616] GetSystemMetrics (nIndex=42) returned 0 [0209.616] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0209.616] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0209.616] RestoreDC (hdc=0x23010821, nSavedDC=-1) returned 1 [0209.616] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x23010821) returned 0x0 [0209.616] IsAppThemed () returned 0x1 [0209.616] GetThemeAppProperties () returned 0x3 [0209.616] GetThemeAppProperties () returned 0x3 [0209.616] IsAppThemed () returned 0x1 [0209.616] GetThemeAppProperties () returned 0x3 [0209.616] GetThemeAppProperties () returned 0x3 [0209.616] IsThemePartDefined () returned 0x1 [0209.616] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0209.617] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0209.617] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0209.617] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0209.617] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0209.617] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0209.617] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0209.617] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0209.617] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0209.617] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0209.617] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0209.617] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0209.617] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d590) returned 0x0 [0209.617] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d550) returned 0x0 [0209.617] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d550) returned 0x0 [0209.617] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0209.617] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d598) returned 0x0 [0209.617] GetCurrentObject (hdc=0x23010821, type=0x1) returned 0x1b00017 [0209.617] GetCurrentObject (hdc=0x23010821, type=0x2) returned 0x1900010 [0209.617] GetCurrentObject (hdc=0x23010821, type=0x7) returned 0xa05082d [0209.617] GetCurrentObject (hdc=0x23010821, type=0x6) returned 0x18a002e [0209.617] SaveDC (hdc=0x23010821) returned 1 [0209.617] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffb0040228 [0209.617] GetClipRgn (hdc=0x23010821, hrgn=0xffffffffb0040228) returned 0 [0209.617] SelectClipRgn (hdc=0x23010821, hrgn=0x61040812) returned 2 [0209.617] DeleteObject (ho=0xffffffffb0040228) returned 1 [0209.618] DeleteObject (ho=0x61040812) returned 1 [0209.618] OffsetViewportOrgEx (in: hdc=0x23010821, x=0, y=0, lppt=0x22aaec8 | out: lppt=0x22aaec8) returned 1 [0209.618] IsAppThemed () returned 0x1 [0209.618] GetThemeAppProperties () returned 0x3 [0209.618] GetThemeAppProperties () returned 0x3 [0209.618] DrawThemeBackground () returned 0x0 [0209.618] RestoreDC (hdc=0x23010821, nSavedDC=-1) returned 1 [0209.618] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x23010821) returned 0x0 [0209.619] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0209.619] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0209.619] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0209.619] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0209.619] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0209.619] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0209.619] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0209.619] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0209.619] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0209.619] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0209.619] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0209.619] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0209.619] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d580) returned 0x0 [0209.619] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d540) returned 0x0 [0209.619] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d540) returned 0x0 [0209.619] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0209.619] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d588) returned 0x0 [0209.619] GetCurrentObject (hdc=0x23010821, type=0x1) returned 0x1b00017 [0209.619] GetCurrentObject (hdc=0x23010821, type=0x2) returned 0x1900010 [0209.619] GetCurrentObject (hdc=0x23010821, type=0x7) returned 0xa05082d [0209.619] GetCurrentObject (hdc=0x23010821, type=0x6) returned 0x18a002e [0209.619] SaveDC (hdc=0x23010821) returned 1 [0209.619] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x62040812 [0209.619] GetClipRgn (hdc=0x23010821, hrgn=0x62040812) returned 0 [0209.619] SelectClipRgn (hdc=0x23010821, hrgn=0xffffffffb1040228) returned 2 [0209.619] DeleteObject (ho=0x62040812) returned 1 [0209.620] DeleteObject (ho=0xffffffffb1040228) returned 1 [0209.620] OffsetViewportOrgEx (in: hdc=0x23010821, x=0, y=0, lppt=0x22ab3a0 | out: lppt=0x22ab3a0) returned 1 [0209.620] IsAppThemed () returned 0x1 [0209.620] GetThemeAppProperties () returned 0x3 [0209.620] GetThemeAppProperties () returned 0x3 [0209.620] GetThemeBackgroundContentRect () returned 0x0 [0209.620] RestoreDC (hdc=0x23010821, nSavedDC=-1) returned 1 [0209.620] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x23010821) returned 0x0 [0209.620] IsAppThemed () returned 0x1 [0209.620] GetThemeAppProperties () returned 0x3 [0209.620] GetThemeAppProperties () returned 0x3 [0209.620] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29d768) returned 0x0 [0209.620] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d748) returned 0x0 [0209.620] GetCurrentObject (hdc=0x23010821, type=0x1) returned 0x1b00017 [0209.620] GetCurrentObject (hdc=0x23010821, type=0x2) returned 0x1900010 [0209.620] GetCurrentObject (hdc=0x23010821, type=0x7) returned 0xa05082d [0209.620] GetCurrentObject (hdc=0x23010821, type=0x6) returned 0x18a002e [0209.620] SaveDC (hdc=0x23010821) returned 1 [0209.620] GetTextAlign (hdc=0x23010821) returned 0x0 [0209.621] GetTextColor (hdc=0x23010821) returned 0x0 [0209.621] SetTextColor (hdc=0x23010821, color=0x8b) returned 0x0 [0209.621] GetCurrentObject (hdc=0x23010821, type=0x6) returned 0x18a002e [0209.621] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0209.621] SelectObject (hdc=0x23010821, h=0x90a0819) returned 0x18a002e [0209.621] GetBkMode (hdc=0x23010821) returned 2 [0209.621] SetBkMode (hdc=0x23010821, mode=1) returned 2 [0209.621] DrawTextExW (in: hdc=0x23010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22aba28 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0209.621] DrawTextExW (in: hdc=0x23010821, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22aba28 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0209.621] RestoreDC (hdc=0x23010821, nSavedDC=-1) returned 1 [0209.621] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x23010821) returned 0x0 [0209.621] GetFocus () returned 0x201ba [0209.621] IsAppThemed () returned 0x1 [0209.621] GetThemeAppProperties () returned 0x3 [0209.621] GetThemeAppProperties () returned 0x3 [0209.621] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29da58) returned 0x0 [0209.621] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x23010821, x1=0, y1=0, rop=0xcc0020) returned 1 [0209.693] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x23010821) returned 0x0 [0209.741] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0209.741] SelectObject (hdc=0x23010821, h=0x185000f) returned 0xa05082d [0209.741] DeleteDC (hdc=0x23010821) returned 1 [0209.741] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0209.741] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0209.741] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22abb90, cPoints=0x1 | out: lpPoints=0x22abb90) returned 22938228 [0209.741] WindowFromPoint (Point=0x16b000002b8) returned 0x201ba [0209.741] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16b02b8) returned 0x1 [0209.741] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0209.741] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0209.741] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0209.741] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0209.741] GetSystemMetrics (nIndex=42) returned 0 [0209.741] CoTaskMemAlloc (cb=0x2b6) returned 0x1a99d6a0 [0209.741] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a99d6a0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0209.741] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a99d6a0) returned 0x158 [0209.742] CoTaskMemFree (pv=0x1a99d6a0) [0209.743] OleSetClipboard (pDataObj=0x2df228) returned 0x0 [0209.745] OleFlushClipboard () returned 0x0 [0209.745] GlobalReAlloc (hMem=0x1bee00e8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00e8 [0209.746] GlobalLock (hMem=0x1bee00e8) returned 0x1a9ad6e0 [0209.746] RtlMoveMemory (in: Destination=0x1a9ad6e0, Source=0x22aca78, Length=0x2b0 | out: Destination=0x1a9ad6e0) [0209.746] GlobalUnlock (hMem=0x1bee00e8) returned 0 [0209.769] GetCapture () returned 0x201ba [0209.769] ReleaseCapture () returned 1 [0209.769] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0209.769] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0209.769] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16b02b8) returned 0x1 [0209.770] IsWindowUnicode (hWnd=0x201ba) returned 1 [0209.770] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0209.770] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16b02b8) returned 0x1 [0209.770] SetCursor (hCursor=0x10003) returned 0x10003 [0209.770] TranslateMessage (lpMsg=0x29ea50) returned 0 [0209.770] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0209.770] GetKeyState (nVirtKey=1) returned 1 [0209.770] GetKeyState (nVirtKey=2) returned 0 [0209.770] GetKeyState (nVirtKey=4) returned 0 [0209.770] GetKeyState (nVirtKey=5) returned 0 [0209.770] GetKeyState (nVirtKey=6) returned 0 [0209.770] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0209.770] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0209.770] WaitMessage () returned 1 [0210.264] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0210.264] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0210.264] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0210.264] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0210.264] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0210.264] WaitMessage () returned 1 [0211.711] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0211.711] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0211.711] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0211.711] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0211.711] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0211.711] WaitMessage () returned 1 [0212.409] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0212.410] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0212.410] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0212.410] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0212.410] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0212.410] WaitMessage () returned 1 [0212.601] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0212.601] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302f0) returned 0x1 [0212.601] IsWindowUnicode (hWnd=0x201ba) returned 1 [0212.601] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0212.601] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302f0) returned 0x1 [0212.601] SetCursor (hCursor=0x10003) returned 0x10003 [0212.602] TranslateMessage (lpMsg=0x29ea50) returned 0 [0212.602] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0212.602] GetKeyState (nVirtKey=1) returned 1 [0212.602] GetKeyState (nVirtKey=2) returned 0 [0212.602] GetKeyState (nVirtKey=4) returned 0 [0212.602] GetKeyState (nVirtKey=5) returned 0 [0212.602] GetKeyState (nVirtKey=6) returned 0 [0212.602] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0212.602] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0212.602] WaitMessage () returned 1 [0212.671] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0212.671] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302f0) returned 0x1 [0212.672] IsWindowUnicode (hWnd=0x201ba) returned 1 [0212.672] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0212.672] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302f0) returned 0x1 [0212.672] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0212.672] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xc6018c) returned 0x0 [0212.672] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0212.672] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0212.672] SetCursor (hCursor=0x10003) returned 0x10003 [0212.672] TranslateMessage (lpMsg=0x29ea50) returned 0 [0212.672] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0212.672] GetKeyState (nVirtKey=1) returned -128 [0212.672] GetKeyState (nVirtKey=2) returned 0 [0212.672] GetKeyState (nVirtKey=4) returned 0 [0212.672] GetKeyState (nVirtKey=5) returned 0 [0212.672] GetKeyState (nVirtKey=6) returned 0 [0212.672] IsWindowVisible (hWnd=0x201ba) returned 1 [0212.672] IsWindowEnabled (hWnd=0x201ba) returned 1 [0212.672] SetFocus (hWnd=0x201ba) returned 0x201ba [0212.672] GetFocus () returned 0x201ba [0212.672] GetFocus () returned 0x201ba [0212.672] GetFocus () returned 0x201ba [0212.672] GetKeyState (nVirtKey=1) returned -128 [0212.672] GetKeyState (nVirtKey=2) returned 0 [0212.673] GetKeyState (nVirtKey=4) returned 0 [0212.673] GetKeyState (nVirtKey=5) returned 0 [0212.673] GetKeyState (nVirtKey=6) returned 0 [0212.673] GetCapture () returned 0x0 [0212.673] SetCapture (hWnd=0x201ba) returned 0x0 [0212.673] GetKeyState (nVirtKey=1) returned -128 [0212.673] GetKeyState (nVirtKey=2) returned 0 [0212.673] GetKeyState (nVirtKey=4) returned 0 [0212.673] GetKeyState (nVirtKey=5) returned 0 [0212.673] GetKeyState (nVirtKey=6) returned 0 [0212.673] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0212.673] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0212.673] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0212.673] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0212.673] TranslateMessage (lpMsg=0x29ea50) returned 0 [0212.673] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0212.673] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0212.673] IsWindowUnicode (hWnd=0x201ba) returned 1 [0212.673] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0212.673] TranslateMessage (lpMsg=0x29ea50) returned 0 [0212.673] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0212.673] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22acf00, cPoints=0x1 | out: lpPoints=0x22acf00) returned 22938228 [0212.673] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0212.673] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0212.673] UpdateWindow (hWnd=0x201ba) returned 1 [0212.673] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0212.673] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0212.673] CreateCompatibleDC (hdc=0x501080c) returned 0xb0107ff [0212.673] SelectObject (hdc=0xb0107ff, h=0xa05082d) returned 0x185000f [0212.673] GdipCreateFromHDC (hdc=0xb0107ff, graphics=0x29da18) returned 0x0 [0212.674] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0212.674] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0212.674] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0212.674] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0212.674] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0212.674] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0212.674] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0212.674] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0212.674] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0212.674] GdipCreateRegion (region=0x29da40) returned 0x0 [0212.674] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0212.674] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0212.674] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0212.674] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd8a0dbd) returned 0x0 [0212.674] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0212.674] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0212.674] GetCurrentObject (hdc=0xb0107ff, type=0x1) returned 0x1b00017 [0212.674] GetCurrentObject (hdc=0xb0107ff, type=0x2) returned 0x1900010 [0212.674] GetCurrentObject (hdc=0xb0107ff, type=0x7) returned 0xa05082d [0212.674] GetCurrentObject (hdc=0xb0107ff, type=0x6) returned 0x18a002e [0212.674] SaveDC (hdc=0xb0107ff) returned 1 [0212.674] GetNearestColor (hdc=0xb0107ff, color=0x0) returned 0x0 [0212.674] GetNearestColor (hdc=0xb0107ff, color=0x0) returned 0x0 [0212.675] GetNearestColor (hdc=0xb0107ff, color=0x0) returned 0x0 [0212.675] GetNearestColor (hdc=0xb0107ff, color=0x989898) returned 0x989898 [0212.675] GetNearestColor (hdc=0xb0107ff, color=0x8b) returned 0x8b [0212.675] GetNearestColor (hdc=0xb0107ff, color=0x7f7f7f) returned 0x7f7f7f [0212.675] GetNearestColor (hdc=0xb0107ff, color=0x989898) returned 0x989898 [0212.675] GetNearestColor (hdc=0xb0107ff, color=0x0) returned 0x0 [0212.675] GetNearestColor (hdc=0xb0107ff, color=0x8b) returned 0x8b [0212.675] RestoreDC (hdc=0xb0107ff, nSavedDC=-1) returned 1 [0212.675] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xb0107ff) returned 0x0 [0212.675] IsAppThemed () returned 0x1 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] IsAppThemed () returned 0x1 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x22adad8 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0212.675] IsAppThemed () returned 0x1 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] IsAppThemed () returned 0x1 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] IsAppThemed () returned 0x1 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] IsAppThemed () returned 0x1 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] GetThemeAppProperties () returned 0x3 [0212.675] IsThemePartDefined () returned 0x1 [0212.675] IsAppThemed () returned 0x1 [0212.675] GetThemeAppProperties () returned 0x3 [0212.676] GetThemeAppProperties () returned 0x3 [0212.676] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0212.676] IsAppThemed () returned 0x1 [0212.676] GetThemeAppProperties () returned 0x3 [0212.676] GetThemeAppProperties () returned 0x3 [0212.676] IsAppThemed () returned 0x1 [0212.676] GetThemeAppProperties () returned 0x3 [0212.676] GetThemeAppProperties () returned 0x3 [0212.676] IsThemePartDefined () returned 0x1 [0212.676] GdipCreateRegion (region=0x29d520) returned 0x0 [0212.676] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0212.676] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0212.676] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0212.676] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0212.676] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0212.676] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0212.676] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0212.676] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0212.676] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0212.676] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0212.676] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0212.676] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0212.676] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0212.676] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0212.676] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0212.676] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0212.676] GetCurrentObject (hdc=0xb0107ff, type=0x1) returned 0x1b00017 [0212.676] GetCurrentObject (hdc=0xb0107ff, type=0x2) returned 0x1900010 [0212.676] GetCurrentObject (hdc=0xb0107ff, type=0x7) returned 0xa05082d [0212.676] GetCurrentObject (hdc=0xb0107ff, type=0x6) returned 0x18a002e [0212.676] SaveDC (hdc=0xb0107ff) returned 1 [0212.676] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffb2040228 [0212.677] GetClipRgn (hdc=0xb0107ff, hrgn=0xffffffffb2040228) returned 0 [0212.677] SelectClipRgn (hdc=0xb0107ff, hrgn=0x66040812) returned 2 [0212.677] DeleteObject (ho=0xffffffffb2040228) returned 1 [0212.677] DeleteObject (ho=0x66040812) returned 1 [0212.677] OffsetViewportOrgEx (in: hdc=0xb0107ff, x=0, y=0, lppt=0x22ae4c0 | out: lppt=0x22ae4c0) returned 1 [0212.677] DrawThemeParentBackground () returned 0x0 [0212.677] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0212.677] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0212.677] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0212.677] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0212.677] GetSystemMetrics (nIndex=42) returned 0 [0212.677] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0212.677] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0212.677] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0212.677] GetCurrentObject (hdc=0xb0107ff, type=0x1) returned 0x1b00017 [0212.677] GetCurrentObject (hdc=0xb0107ff, type=0x2) returned 0x1900010 [0212.677] GetCurrentObject (hdc=0xb0107ff, type=0x7) returned 0xa05082d [0212.677] GetCurrentObject (hdc=0xb0107ff, type=0x6) returned 0x18a002e [0212.677] SaveDC (hdc=0xb0107ff) returned 2 [0212.677] GetNearestColor (hdc=0xb0107ff, color=0x0) returned 0x0 [0212.677] CreateSolidBrush (color=0x0) returned 0x5110081f [0212.677] FillRect (hDC=0xb0107ff, lprc=0x29cb98, hbr=0x5110081f) returned 1 [0212.677] DeleteObject (ho=0x5110081f) returned 1 [0212.677] RestoreDC (hdc=0xb0107ff, nSavedDC=-1) returned 1 [0212.678] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0212.678] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0212.678] GetSystemMetrics (nIndex=42) returned 0 [0212.678] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0212.678] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0212.678] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0212.678] GetCurrentObject (hdc=0xb0107ff, type=0x1) returned 0x1b00017 [0212.678] GetCurrentObject (hdc=0xb0107ff, type=0x2) returned 0x1900010 [0212.678] GetCurrentObject (hdc=0xb0107ff, type=0x7) returned 0xa05082d [0212.678] GetCurrentObject (hdc=0xb0107ff, type=0x6) returned 0x18a002e [0212.678] SaveDC (hdc=0xb0107ff) returned 2 [0212.678] GetNearestColor (hdc=0xb0107ff, color=0x0) returned 0x0 [0212.678] CreateSolidBrush (color=0x0) returned 0x5210081f [0212.678] FillRect (hDC=0xb0107ff, lprc=0x29cac8, hbr=0x5210081f) returned 1 [0212.678] DeleteObject (ho=0x5210081f) returned 1 [0212.678] RestoreDC (hdc=0xb0107ff, nSavedDC=-1) returned 1 [0212.678] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0212.678] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0212.678] GetSystemMetrics (nIndex=42) returned 0 [0212.678] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0212.678] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0212.678] RestoreDC (hdc=0xb0107ff, nSavedDC=-1) returned 1 [0212.678] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xb0107ff) returned 0x0 [0212.678] IsAppThemed () returned 0x1 [0212.678] GetThemeAppProperties () returned 0x3 [0212.678] GetThemeAppProperties () returned 0x3 [0212.678] IsAppThemed () returned 0x1 [0212.678] GetThemeAppProperties () returned 0x3 [0212.678] GetThemeAppProperties () returned 0x3 [0212.679] IsThemePartDefined () returned 0x1 [0212.679] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0212.679] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0212.679] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0212.679] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0212.679] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0212.679] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0212.679] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0212.679] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0212.679] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0212.679] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0212.679] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0212.679] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0212.679] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0212.679] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0212.679] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0212.679] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0212.679] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0212.679] GetCurrentObject (hdc=0xb0107ff, type=0x1) returned 0x1b00017 [0212.679] GetCurrentObject (hdc=0xb0107ff, type=0x2) returned 0x1900010 [0212.679] GetCurrentObject (hdc=0xb0107ff, type=0x7) returned 0xa05082d [0212.679] GetCurrentObject (hdc=0xb0107ff, type=0x6) returned 0x18a002e [0212.679] SaveDC (hdc=0xb0107ff) returned 1 [0212.679] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x67040812 [0212.679] GetClipRgn (hdc=0xb0107ff, hrgn=0x67040812) returned 0 [0212.679] SelectClipRgn (hdc=0xb0107ff, hrgn=0xffffffffb4040228) returned 2 [0212.679] DeleteObject (ho=0x67040812) returned 1 [0212.679] DeleteObject (ho=0xffffffffb4040228) returned 1 [0212.679] OffsetViewportOrgEx (in: hdc=0xb0107ff, x=0, y=0, lppt=0x22af5c8 | out: lppt=0x22af5c8) returned 1 [0212.680] IsAppThemed () returned 0x1 [0212.680] GetThemeAppProperties () returned 0x3 [0212.680] GetThemeAppProperties () returned 0x3 [0212.680] DrawThemeBackground () returned 0x0 [0212.680] RestoreDC (hdc=0xb0107ff, nSavedDC=-1) returned 1 [0212.680] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xb0107ff) returned 0x0 [0212.680] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0212.680] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0212.680] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0212.680] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0212.680] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0212.680] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0212.680] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0212.680] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0212.680] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0212.680] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0212.680] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0212.680] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0212.680] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0212.680] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0212.680] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0212.680] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0212.680] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0212.680] GetCurrentObject (hdc=0xb0107ff, type=0x1) returned 0x1b00017 [0212.680] GetCurrentObject (hdc=0xb0107ff, type=0x2) returned 0x1900010 [0212.680] GetCurrentObject (hdc=0xb0107ff, type=0x7) returned 0xa05082d [0212.680] GetCurrentObject (hdc=0xb0107ff, type=0x6) returned 0x18a002e [0212.680] SaveDC (hdc=0xb0107ff) returned 1 [0212.681] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffb5040228 [0212.681] GetClipRgn (hdc=0xb0107ff, hrgn=0xffffffffb5040228) returned 0 [0212.681] SelectClipRgn (hdc=0xb0107ff, hrgn=0x68040812) returned 2 [0212.681] DeleteObject (ho=0xffffffffb5040228) returned 1 [0212.681] DeleteObject (ho=0x68040812) returned 1 [0212.681] OffsetViewportOrgEx (in: hdc=0xb0107ff, x=0, y=0, lppt=0x22afaa0 | out: lppt=0x22afaa0) returned 1 [0212.681] IsAppThemed () returned 0x1 [0212.681] GetThemeAppProperties () returned 0x3 [0212.681] GetThemeAppProperties () returned 0x3 [0212.681] GetThemeBackgroundContentRect () returned 0x0 [0212.681] RestoreDC (hdc=0xb0107ff, nSavedDC=-1) returned 1 [0212.681] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xb0107ff) returned 0x0 [0212.681] IsAppThemed () returned 0x1 [0212.681] GetThemeAppProperties () returned 0x3 [0212.681] GetThemeAppProperties () returned 0x3 [0212.681] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0212.681] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0212.681] GetCurrentObject (hdc=0xb0107ff, type=0x1) returned 0x1b00017 [0212.681] GetCurrentObject (hdc=0xb0107ff, type=0x2) returned 0x1900010 [0212.681] GetCurrentObject (hdc=0xb0107ff, type=0x7) returned 0xa05082d [0212.681] GetCurrentObject (hdc=0xb0107ff, type=0x6) returned 0x18a002e [0212.681] SaveDC (hdc=0xb0107ff) returned 1 [0212.681] GetTextAlign (hdc=0xb0107ff) returned 0x0 [0212.681] GetTextColor (hdc=0xb0107ff) returned 0x0 [0212.681] SetTextColor (hdc=0xb0107ff, color=0x8b) returned 0x0 [0212.681] GetCurrentObject (hdc=0xb0107ff, type=0x6) returned 0x18a002e [0212.681] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0212.681] SelectObject (hdc=0xb0107ff, h=0x90a0819) returned 0x18a002e [0212.682] GetBkMode (hdc=0xb0107ff) returned 2 [0212.682] SetBkMode (hdc=0xb0107ff, mode=1) returned 2 [0212.682] DrawTextExW (in: hdc=0xb0107ff, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22b0128 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0212.682] DrawTextExW (in: hdc=0xb0107ff, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22b0128 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0212.682] RestoreDC (hdc=0xb0107ff, nSavedDC=-1) returned 1 [0212.682] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xb0107ff) returned 0x0 [0212.682] GetFocus () returned 0x201ba [0212.682] IsAppThemed () returned 0x1 [0212.682] GetThemeAppProperties () returned 0x3 [0212.682] GetThemeAppProperties () returned 0x3 [0212.682] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0212.682] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0xb0107ff, x1=0, y1=0, rop=0xcc0020) returned 1 [0212.682] GdipReleaseDC (graphics=0x1c34abe0, hdc=0xb0107ff) returned 0x0 [0212.682] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0212.682] SelectObject (hdc=0xb0107ff, h=0x185000f) returned 0xa05082d [0212.682] DeleteDC (hdc=0xb0107ff) returned 1 [0212.682] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0212.682] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0212.682] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22b0290, cPoints=0x1 | out: lpPoints=0x22b0290) returned 22938228 [0212.683] WindowFromPoint (Point=0x173000002f0) returned 0x201ba [0212.683] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302f0) returned 0x1 [0212.683] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0212.683] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0212.683] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0212.683] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0212.683] GetSystemMetrics (nIndex=42) returned 0 [0212.683] CoTaskMemAlloc (cb=0x2b6) returned 0x1a99d6a0 [0212.683] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a99d6a0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0212.683] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a99d6a0) returned 0x158 [0212.683] CoTaskMemFree (pv=0x1a99d6a0) [0212.684] OleSetClipboard (pDataObj=0x2df128) returned 0x0 [0212.820] OleFlushClipboard () returned 0x0 [0212.820] GlobalReAlloc (hMem=0x1bee00b8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00b8 [0212.820] GlobalLock (hMem=0x1bee00b8) returned 0x1a9ad6e0 [0212.821] RtlMoveMemory (in: Destination=0x1a9ad6e0, Source=0x22b1178, Length=0x2b0 | out: Destination=0x1a9ad6e0) [0212.821] GlobalUnlock (hMem=0x1bee00b8) returned 0 [0212.821] GetCapture () returned 0x201ba [0212.821] ReleaseCapture () returned 1 [0212.821] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0212.821] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0212.822] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302f0) returned 0x1 [0212.822] IsWindowUnicode (hWnd=0x201ba) returned 1 [0212.822] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0212.822] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302f0) returned 0x1 [0212.822] SetCursor (hCursor=0x10003) returned 0x10003 [0212.822] TranslateMessage (lpMsg=0x29ea50) returned 0 [0212.822] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0212.822] GetKeyState (nVirtKey=1) returned 0 [0212.823] GetKeyState (nVirtKey=2) returned 0 [0212.823] GetKeyState (nVirtKey=4) returned 0 [0212.823] GetKeyState (nVirtKey=5) returned 0 [0212.823] GetKeyState (nVirtKey=6) returned 0 [0212.823] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0212.823] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0212.823] WaitMessage () returned 1 [0212.992] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0212.992] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0212.992] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0212.992] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0212.993] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0212.993] WaitMessage () returned 1 [0214.202] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0214.202] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0214.202] TranslateMessage (lpMsg=0x29ea50) returned 0 [0214.202] DispatchMessageA (lpMsg=0x29ea50) returned 0x1 [0214.202] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0214.202] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0214.202] WaitMessage () returned 1 [0215.716] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0215.716] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002cc) returned 0x1 [0215.716] IsWindowUnicode (hWnd=0x201ba) returned 1 [0215.717] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0215.717] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002cc) returned 0x1 [0215.717] SetCursor (hCursor=0x10003) returned 0x10003 [0215.717] TranslateMessage (lpMsg=0x29ea50) returned 0 [0215.717] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0215.717] GetKeyState (nVirtKey=1) returned 0 [0215.717] GetKeyState (nVirtKey=2) returned 0 [0215.717] GetKeyState (nVirtKey=4) returned 0 [0215.717] GetKeyState (nVirtKey=5) returned 0 [0215.717] GetKeyState (nVirtKey=6) returned 0 [0215.717] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0215.717] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0215.717] WaitMessage () returned 1 [0215.761] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0215.761] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002cc) returned 0x1 [0215.761] IsWindowUnicode (hWnd=0x201ba) returned 1 [0215.761] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0215.761] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002cc) returned 0x1 [0215.761] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0215.761] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xc30168) returned 0x0 [0215.761] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0215.762] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0215.762] SetCursor (hCursor=0x10003) returned 0x10003 [0215.762] TranslateMessage (lpMsg=0x29ea50) returned 0 [0215.762] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0215.762] GetKeyState (nVirtKey=1) returned -127 [0215.762] GetKeyState (nVirtKey=2) returned 0 [0215.762] GetKeyState (nVirtKey=4) returned 0 [0215.762] GetKeyState (nVirtKey=5) returned 0 [0215.762] GetKeyState (nVirtKey=6) returned 0 [0215.762] IsWindowVisible (hWnd=0x201ba) returned 1 [0215.762] IsWindowEnabled (hWnd=0x201ba) returned 1 [0215.762] SetFocus (hWnd=0x201ba) returned 0x201ba [0215.762] GetFocus () returned 0x201ba [0215.762] GetFocus () returned 0x201ba [0215.762] GetFocus () returned 0x201ba [0215.762] GetKeyState (nVirtKey=1) returned -127 [0215.762] GetKeyState (nVirtKey=2) returned 0 [0215.763] GetKeyState (nVirtKey=4) returned 0 [0215.763] GetKeyState (nVirtKey=5) returned 0 [0215.763] GetKeyState (nVirtKey=6) returned 0 [0215.763] GetCapture () returned 0x0 [0215.763] SetCapture (hWnd=0x201ba) returned 0x0 [0215.763] GetKeyState (nVirtKey=1) returned -127 [0215.763] GetKeyState (nVirtKey=2) returned 0 [0215.763] GetKeyState (nVirtKey=4) returned 0 [0215.763] GetKeyState (nVirtKey=5) returned 0 [0215.763] GetKeyState (nVirtKey=6) returned 0 [0215.763] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0215.763] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0215.763] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0215.763] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0215.763] TranslateMessage (lpMsg=0x29ea50) returned 0 [0215.763] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0215.763] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0215.763] IsWindowUnicode (hWnd=0x201ba) returned 1 [0215.763] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0215.763] TranslateMessage (lpMsg=0x29ea50) returned 0 [0215.763] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0215.763] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22b15c8, cPoints=0x1 | out: lpPoints=0x22b15c8) returned 22938228 [0215.763] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0215.763] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0215.763] UpdateWindow (hWnd=0x201ba) returned 1 [0215.763] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0215.763] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0215.763] CreateCompatibleDC (hdc=0x501080c) returned 0x4b01021e [0215.764] SelectObject (hdc=0x4b01021e, h=0xa05082d) returned 0x185000f [0215.764] GdipCreateFromHDC (hdc=0x4b01021e, graphics=0x29da18) returned 0x0 [0215.764] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0215.764] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0215.764] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0215.764] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0215.764] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0215.764] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0215.764] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0215.764] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0215.764] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0215.764] GdipCreateRegion (region=0x29da40) returned 0x0 [0215.764] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0215.764] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29daa0) returned 0x0 [0215.764] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29db40) returned 0x0 [0215.764] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd880dbd) returned 0x0 [0215.764] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0215.765] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d7b8) returned 0x0 [0215.765] GetCurrentObject (hdc=0x4b01021e, type=0x1) returned 0x1b00017 [0215.765] GetCurrentObject (hdc=0x4b01021e, type=0x2) returned 0x1900010 [0215.765] GetCurrentObject (hdc=0x4b01021e, type=0x7) returned 0xa05082d [0215.765] GetCurrentObject (hdc=0x4b01021e, type=0x6) returned 0x18a002e [0215.765] SaveDC (hdc=0x4b01021e) returned 1 [0215.765] GetNearestColor (hdc=0x4b01021e, color=0x0) returned 0x0 [0215.765] GetNearestColor (hdc=0x4b01021e, color=0x0) returned 0x0 [0215.765] GetNearestColor (hdc=0x4b01021e, color=0x0) returned 0x0 [0215.765] GetNearestColor (hdc=0x4b01021e, color=0x989898) returned 0x989898 [0215.765] GetNearestColor (hdc=0x4b01021e, color=0x8b) returned 0x8b [0215.765] GetNearestColor (hdc=0x4b01021e, color=0x7f7f7f) returned 0x7f7f7f [0215.765] GetNearestColor (hdc=0x4b01021e, color=0x989898) returned 0x989898 [0215.765] GetNearestColor (hdc=0x4b01021e, color=0x0) returned 0x0 [0215.765] GetNearestColor (hdc=0x4b01021e, color=0x8b) returned 0x8b [0215.766] RestoreDC (hdc=0x4b01021e, nSavedDC=-1) returned 1 [0215.766] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4b01021e) returned 0x0 [0215.766] IsAppThemed () returned 0x1 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] IsAppThemed () returned 0x1 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x22b21a0 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0215.766] IsAppThemed () returned 0x1 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] IsAppThemed () returned 0x1 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] IsAppThemed () returned 0x1 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] IsAppThemed () returned 0x1 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] IsThemePartDefined () returned 0x1 [0215.766] IsAppThemed () returned 0x1 [0215.766] GetThemeAppProperties () returned 0x3 [0215.766] GetThemeAppProperties () returned 0x3 [0215.767] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0215.767] IsAppThemed () returned 0x1 [0215.767] GetThemeAppProperties () returned 0x3 [0215.767] GetThemeAppProperties () returned 0x3 [0215.767] IsAppThemed () returned 0x1 [0215.767] GetThemeAppProperties () returned 0x3 [0215.767] GetThemeAppProperties () returned 0x3 [0215.767] IsThemePartDefined () returned 0x1 [0215.767] GdipCreateRegion (region=0x29d520) returned 0x0 [0215.767] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0215.767] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0215.767] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0215.767] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0215.767] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0215.767] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0215.767] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0215.767] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0215.767] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0215.767] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0215.767] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0215.767] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5f0) returned 0x0 [0215.767] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5b0) returned 0x0 [0215.767] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d5b0) returned 0x0 [0215.768] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0215.768] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d5f8) returned 0x0 [0215.768] GetCurrentObject (hdc=0x4b01021e, type=0x1) returned 0x1b00017 [0215.768] GetCurrentObject (hdc=0x4b01021e, type=0x2) returned 0x1900010 [0215.768] GetCurrentObject (hdc=0x4b01021e, type=0x7) returned 0xa05082d [0215.768] GetCurrentObject (hdc=0x4b01021e, type=0x6) returned 0x18a002e [0215.768] SaveDC (hdc=0x4b01021e) returned 1 [0215.768] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x69040812 [0215.768] GetClipRgn (hdc=0x4b01021e, hrgn=0x69040812) returned 0 [0215.768] SelectClipRgn (hdc=0x4b01021e, hrgn=0xffffffffb9040228) returned 2 [0215.768] DeleteObject (ho=0x69040812) returned 1 [0215.768] DeleteObject (ho=0xffffffffb9040228) returned 1 [0215.768] OffsetViewportOrgEx (in: hdc=0x4b01021e, x=0, y=0, lppt=0x22b2b88 | out: lppt=0x22b2b88) returned 1 [0215.768] DrawThemeParentBackground () returned 0x0 [0215.768] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0215.768] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0215.768] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0215.768] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0215.769] GetSystemMetrics (nIndex=42) returned 0 [0215.769] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0215.769] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0215.769] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0215.769] GetCurrentObject (hdc=0x4b01021e, type=0x1) returned 0x1b00017 [0215.769] GetCurrentObject (hdc=0x4b01021e, type=0x2) returned 0x1900010 [0215.769] GetCurrentObject (hdc=0x4b01021e, type=0x7) returned 0xa05082d [0215.769] GetCurrentObject (hdc=0x4b01021e, type=0x6) returned 0x18a002e [0215.769] SaveDC (hdc=0x4b01021e) returned 2 [0215.769] GetNearestColor (hdc=0x4b01021e, color=0x0) returned 0x0 [0215.769] CreateSolidBrush (color=0x0) returned 0x5310081f [0215.769] FillRect (hDC=0x4b01021e, lprc=0x29cb98, hbr=0x5310081f) returned 1 [0215.769] DeleteObject (ho=0x5310081f) returned 1 [0215.769] RestoreDC (hdc=0x4b01021e, nSavedDC=-1) returned 1 [0215.769] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0215.769] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0215.769] GetSystemMetrics (nIndex=42) returned 0 [0215.769] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0215.770] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0215.770] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0215.770] GetCurrentObject (hdc=0x4b01021e, type=0x1) returned 0x1b00017 [0215.770] GetCurrentObject (hdc=0x4b01021e, type=0x2) returned 0x1900010 [0215.770] GetCurrentObject (hdc=0x4b01021e, type=0x7) returned 0xa05082d [0215.770] GetCurrentObject (hdc=0x4b01021e, type=0x6) returned 0x18a002e [0215.770] SaveDC (hdc=0x4b01021e) returned 2 [0215.771] GetNearestColor (hdc=0x4b01021e, color=0x0) returned 0x0 [0215.771] CreateSolidBrush (color=0x0) returned 0x5410081f [0215.771] FillRect (hDC=0x4b01021e, lprc=0x29cac8, hbr=0x5410081f) returned 1 [0215.771] DeleteObject (ho=0x5410081f) returned 1 [0215.771] RestoreDC (hdc=0x4b01021e, nSavedDC=-1) returned 1 [0215.771] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0215.771] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0215.771] GetSystemMetrics (nIndex=42) returned 0 [0215.771] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0215.771] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0215.771] RestoreDC (hdc=0x4b01021e, nSavedDC=-1) returned 1 [0215.771] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4b01021e) returned 0x0 [0215.771] IsAppThemed () returned 0x1 [0215.771] GetThemeAppProperties () returned 0x3 [0215.771] GetThemeAppProperties () returned 0x3 [0215.771] IsAppThemed () returned 0x1 [0215.771] GetThemeAppProperties () returned 0x3 [0215.771] GetThemeAppProperties () returned 0x3 [0215.771] IsThemePartDefined () returned 0x1 [0215.771] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0215.772] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0215.772] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0215.772] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0215.772] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0215.772] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0215.772] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0215.772] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0215.772] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0215.772] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0215.772] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0215.772] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0215.772] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d590) returned 0x0 [0215.772] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d550) returned 0x0 [0215.772] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d550) returned 0x0 [0215.772] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0215.772] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d598) returned 0x0 [0215.772] GetCurrentObject (hdc=0x4b01021e, type=0x1) returned 0x1b00017 [0215.772] GetCurrentObject (hdc=0x4b01021e, type=0x2) returned 0x1900010 [0215.772] GetCurrentObject (hdc=0x4b01021e, type=0x7) returned 0xa05082d [0215.772] GetCurrentObject (hdc=0x4b01021e, type=0x6) returned 0x18a002e [0215.772] SaveDC (hdc=0x4b01021e) returned 1 [0215.773] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffba040228 [0215.773] GetClipRgn (hdc=0x4b01021e, hrgn=0xffffffffba040228) returned 0 [0215.773] SelectClipRgn (hdc=0x4b01021e, hrgn=0x6b040812) returned 2 [0215.773] DeleteObject (ho=0xffffffffba040228) returned 1 [0215.773] DeleteObject (ho=0x6b040812) returned 1 [0215.773] OffsetViewportOrgEx (in: hdc=0x4b01021e, x=0, y=0, lppt=0x22b3c90 | out: lppt=0x22b3c90) returned 1 [0215.773] IsAppThemed () returned 0x1 [0215.773] GetThemeAppProperties () returned 0x3 [0215.773] GetThemeAppProperties () returned 0x3 [0215.773] DrawThemeBackground () returned 0x0 [0215.773] RestoreDC (hdc=0x4b01021e, nSavedDC=-1) returned 1 [0215.773] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4b01021e) returned 0x0 [0215.773] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0215.773] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0215.773] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0215.773] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0215.773] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0215.773] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0215.774] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0215.774] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0215.774] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0215.774] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0215.774] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0215.774] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0215.774] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d580) returned 0x0 [0215.774] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d540) returned 0x0 [0215.774] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d540) returned 0x0 [0215.774] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0215.774] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d588) returned 0x0 [0215.774] GetCurrentObject (hdc=0x4b01021e, type=0x1) returned 0x1b00017 [0215.774] GetCurrentObject (hdc=0x4b01021e, type=0x2) returned 0x1900010 [0215.774] GetCurrentObject (hdc=0x4b01021e, type=0x7) returned 0xa05082d [0215.774] GetCurrentObject (hdc=0x4b01021e, type=0x6) returned 0x18a002e [0215.774] SaveDC (hdc=0x4b01021e) returned 1 [0215.774] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x6c040812 [0215.774] GetClipRgn (hdc=0x4b01021e, hrgn=0x6c040812) returned 0 [0215.774] SelectClipRgn (hdc=0x4b01021e, hrgn=0xffffffffbb040228) returned 2 [0215.774] DeleteObject (ho=0x6c040812) returned 1 [0215.775] DeleteObject (ho=0xffffffffbb040228) returned 1 [0215.775] OffsetViewportOrgEx (in: hdc=0x4b01021e, x=0, y=0, lppt=0x22b4168 | out: lppt=0x22b4168) returned 1 [0215.775] IsAppThemed () returned 0x1 [0215.775] GetThemeAppProperties () returned 0x3 [0215.775] GetThemeAppProperties () returned 0x3 [0215.775] GetThemeBackgroundContentRect () returned 0x0 [0215.775] RestoreDC (hdc=0x4b01021e, nSavedDC=-1) returned 1 [0215.775] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4b01021e) returned 0x0 [0215.775] IsAppThemed () returned 0x1 [0215.775] GetThemeAppProperties () returned 0x3 [0215.775] GetThemeAppProperties () returned 0x3 [0215.775] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29d768) returned 0x0 [0215.775] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d748) returned 0x0 [0215.775] GetCurrentObject (hdc=0x4b01021e, type=0x1) returned 0x1b00017 [0215.775] GetCurrentObject (hdc=0x4b01021e, type=0x2) returned 0x1900010 [0215.775] GetCurrentObject (hdc=0x4b01021e, type=0x7) returned 0xa05082d [0215.775] GetCurrentObject (hdc=0x4b01021e, type=0x6) returned 0x18a002e [0215.775] SaveDC (hdc=0x4b01021e) returned 1 [0215.775] GetTextAlign (hdc=0x4b01021e) returned 0x0 [0215.775] GetTextColor (hdc=0x4b01021e) returned 0x0 [0215.775] SetTextColor (hdc=0x4b01021e, color=0x8b) returned 0x0 [0215.775] GetCurrentObject (hdc=0x4b01021e, type=0x6) returned 0x18a002e [0215.776] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0215.776] SelectObject (hdc=0x4b01021e, h=0x90a0819) returned 0x18a002e [0215.776] GetBkMode (hdc=0x4b01021e) returned 2 [0215.776] SetBkMode (hdc=0x4b01021e, mode=1) returned 2 [0215.776] DrawTextExW (in: hdc=0x4b01021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22b47f0 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0215.776] DrawTextExW (in: hdc=0x4b01021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22b47f0 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0215.776] RestoreDC (hdc=0x4b01021e, nSavedDC=-1) returned 1 [0215.776] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4b01021e) returned 0x0 [0215.776] GetFocus () returned 0x201ba [0215.776] IsAppThemed () returned 0x1 [0215.776] GetThemeAppProperties () returned 0x3 [0215.776] GetThemeAppProperties () returned 0x3 [0215.776] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29da58) returned 0x0 [0215.776] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x4b01021e, x1=0, y1=0, rop=0xcc0020) returned 1 [0215.777] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4b01021e) returned 0x0 [0215.777] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0215.777] SelectObject (hdc=0x4b01021e, h=0x185000f) returned 0xa05082d [0215.777] DeleteDC (hdc=0x4b01021e) returned 1 [0215.777] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0215.777] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0215.777] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22b4958, cPoints=0x1 | out: lpPoints=0x22b4958) returned 22938228 [0215.777] WindowFromPoint (Point=0x170000002cc) returned 0x201ba [0215.777] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002cc) returned 0x1 [0215.777] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0215.777] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0215.777] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0215.777] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0215.777] GetSystemMetrics (nIndex=42) returned 0 [0215.777] CoTaskMemAlloc (cb=0x2b6) returned 0x1a99d6a0 [0215.777] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a99d6a0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0215.777] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a99d6a0) returned 0x158 [0215.778] CoTaskMemFree (pv=0x1a99d6a0) [0215.778] OleSetClipboard (pDataObj=0x2df028) returned 0x0 [0215.803] OleFlushClipboard () returned 0x0 [0215.803] GlobalReAlloc (hMem=0x1bee00c8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00c8 [0215.803] GlobalLock (hMem=0x1bee00c8) returned 0x1a99d6a0 [0215.803] RtlMoveMemory (in: Destination=0x1a99d6a0, Source=0x22b5840, Length=0x2b0 | out: Destination=0x1a99d6a0) [0215.803] GlobalUnlock (hMem=0x1bee00c8) returned 0 [0215.803] GetCapture () returned 0x201ba [0215.803] ReleaseCapture () returned 1 [0215.804] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0215.804] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0215.804] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002cc) returned 0x1 [0215.804] IsWindowUnicode (hWnd=0x201ba) returned 1 [0215.804] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0215.804] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17002cc) returned 0x1 [0215.804] SetCursor (hCursor=0x10003) returned 0x10003 [0215.804] TranslateMessage (lpMsg=0x29ea50) returned 0 [0215.804] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0215.804] GetKeyState (nVirtKey=1) returned 1 [0215.804] GetKeyState (nVirtKey=2) returned 0 [0215.804] GetKeyState (nVirtKey=4) returned 0 [0215.804] GetKeyState (nVirtKey=5) returned 0 [0215.804] GetKeyState (nVirtKey=6) returned 0 [0215.804] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0215.804] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0215.804] WaitMessage () returned 1 [0218.759] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0218.759] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102f6) returned 0x1 [0218.759] IsWindowUnicode (hWnd=0x201ba) returned 1 [0218.759] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0218.759] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102f6) returned 0x1 [0218.759] SetCursor (hCursor=0x10003) returned 0x10003 [0218.759] TranslateMessage (lpMsg=0x29ea50) returned 0 [0218.759] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0218.759] GetKeyState (nVirtKey=1) returned 1 [0218.759] GetKeyState (nVirtKey=2) returned 0 [0218.759] GetKeyState (nVirtKey=4) returned 0 [0218.759] GetKeyState (nVirtKey=5) returned 0 [0218.760] GetKeyState (nVirtKey=6) returned 0 [0218.760] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0218.760] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0218.760] WaitMessage () returned 1 [0218.837] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0218.837] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102f6) returned 0x1 [0218.837] IsWindowUnicode (hWnd=0x201ba) returned 1 [0218.837] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0218.837] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102f6) returned 0x1 [0218.837] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0218.837] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xc40192) returned 0x0 [0218.837] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0218.837] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0218.838] SetCursor (hCursor=0x10003) returned 0x10003 [0218.838] TranslateMessage (lpMsg=0x29ea50) returned 0 [0218.838] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0218.838] GetKeyState (nVirtKey=1) returned -128 [0218.838] GetKeyState (nVirtKey=2) returned 0 [0218.838] GetKeyState (nVirtKey=4) returned 0 [0218.838] GetKeyState (nVirtKey=5) returned 0 [0218.838] GetKeyState (nVirtKey=6) returned 0 [0218.838] IsWindowVisible (hWnd=0x201ba) returned 1 [0218.838] IsWindowEnabled (hWnd=0x201ba) returned 1 [0218.838] SetFocus (hWnd=0x201ba) returned 0x201ba [0218.838] GetFocus () returned 0x201ba [0218.838] GetFocus () returned 0x201ba [0218.838] GetFocus () returned 0x201ba [0218.838] GetKeyState (nVirtKey=1) returned -128 [0218.838] GetKeyState (nVirtKey=2) returned 0 [0218.838] GetKeyState (nVirtKey=4) returned 0 [0218.838] GetKeyState (nVirtKey=5) returned 0 [0218.838] GetKeyState (nVirtKey=6) returned 0 [0218.838] GetCapture () returned 0x0 [0218.838] SetCapture (hWnd=0x201ba) returned 0x0 [0218.838] GetKeyState (nVirtKey=1) returned -128 [0218.838] GetKeyState (nVirtKey=2) returned 0 [0218.838] GetKeyState (nVirtKey=4) returned 0 [0218.838] GetKeyState (nVirtKey=5) returned 0 [0218.838] GetKeyState (nVirtKey=6) returned 0 [0218.838] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0218.838] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0218.838] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0218.838] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0218.838] TranslateMessage (lpMsg=0x29ea50) returned 0 [0218.839] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0218.839] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0218.839] IsWindowUnicode (hWnd=0x201ba) returned 1 [0218.839] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0218.839] TranslateMessage (lpMsg=0x29ea50) returned 0 [0218.839] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0218.839] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22b5c20, cPoints=0x1 | out: lpPoints=0x22b5c20) returned 22938228 [0218.839] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0218.839] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0218.839] UpdateWindow (hWnd=0x201ba) returned 1 [0218.839] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0218.839] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0218.839] CreateCompatibleDC (hdc=0x501080c) returned 0x4c01021e [0218.839] SelectObject (hdc=0x4c01021e, h=0xa05082d) returned 0x185000f [0218.839] GdipCreateFromHDC (hdc=0x4c01021e, graphics=0x29da18) returned 0x0 [0218.839] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0218.839] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0218.839] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0218.839] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0218.839] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0218.839] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0218.839] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0218.840] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0218.840] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0218.840] GdipCreateRegion (region=0x29da40) returned 0x0 [0218.840] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0218.840] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0218.840] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0218.840] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd860dbd) returned 0x0 [0218.840] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0218.840] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0218.840] GetCurrentObject (hdc=0x4c01021e, type=0x1) returned 0x1b00017 [0218.840] GetCurrentObject (hdc=0x4c01021e, type=0x2) returned 0x1900010 [0218.840] GetCurrentObject (hdc=0x4c01021e, type=0x7) returned 0xa05082d [0218.840] GetCurrentObject (hdc=0x4c01021e, type=0x6) returned 0x18a002e [0218.840] SaveDC (hdc=0x4c01021e) returned 1 [0218.840] GetNearestColor (hdc=0x4c01021e, color=0x0) returned 0x0 [0218.840] GetNearestColor (hdc=0x4c01021e, color=0x0) returned 0x0 [0218.840] GetNearestColor (hdc=0x4c01021e, color=0x0) returned 0x0 [0218.841] GetNearestColor (hdc=0x4c01021e, color=0x989898) returned 0x989898 [0218.841] GetNearestColor (hdc=0x4c01021e, color=0x8b) returned 0x8b [0218.841] GetNearestColor (hdc=0x4c01021e, color=0x7f7f7f) returned 0x7f7f7f [0218.841] GetNearestColor (hdc=0x4c01021e, color=0x989898) returned 0x989898 [0218.841] GetNearestColor (hdc=0x4c01021e, color=0x0) returned 0x0 [0218.841] GetNearestColor (hdc=0x4c01021e, color=0x8b) returned 0x8b [0218.841] RestoreDC (hdc=0x4c01021e, nSavedDC=-1) returned 1 [0218.841] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4c01021e) returned 0x0 [0218.841] IsAppThemed () returned 0x1 [0218.841] GetThemeAppProperties () returned 0x3 [0218.841] GetThemeAppProperties () returned 0x3 [0218.841] IsAppThemed () returned 0x1 [0218.841] GetThemeAppProperties () returned 0x3 [0218.841] GetThemeAppProperties () returned 0x3 [0218.841] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x22b67f8 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0218.841] IsAppThemed () returned 0x1 [0218.841] GetThemeAppProperties () returned 0x3 [0218.841] GetThemeAppProperties () returned 0x3 [0218.841] IsAppThemed () returned 0x1 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] IsAppThemed () returned 0x1 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] IsAppThemed () returned 0x1 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] IsThemePartDefined () returned 0x1 [0218.842] IsAppThemed () returned 0x1 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0218.842] IsAppThemed () returned 0x1 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] IsAppThemed () returned 0x1 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] GetThemeAppProperties () returned 0x3 [0218.842] IsThemePartDefined () returned 0x1 [0218.842] GdipCreateRegion (region=0x29d520) returned 0x0 [0218.842] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0218.842] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0218.842] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0218.842] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0218.842] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0218.842] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0218.842] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0218.842] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0218.842] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0218.843] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0218.843] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0218.843] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0218.843] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0218.843] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0218.843] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0218.843] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0218.843] GetCurrentObject (hdc=0x4c01021e, type=0x1) returned 0x1b00017 [0218.843] GetCurrentObject (hdc=0x4c01021e, type=0x2) returned 0x1900010 [0218.843] GetCurrentObject (hdc=0x4c01021e, type=0x7) returned 0xa05082d [0218.843] GetCurrentObject (hdc=0x4c01021e, type=0x6) returned 0x18a002e [0218.843] SaveDC (hdc=0x4c01021e) returned 1 [0218.843] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffbc040228 [0218.843] GetClipRgn (hdc=0x4c01021e, hrgn=0xffffffffbc040228) returned 0 [0218.843] SelectClipRgn (hdc=0x4c01021e, hrgn=0x70040812) returned 2 [0218.843] DeleteObject (ho=0xffffffffbc040228) returned 1 [0218.843] DeleteObject (ho=0x70040812) returned 1 [0218.843] OffsetViewportOrgEx (in: hdc=0x4c01021e, x=0, y=0, lppt=0x22b71e0 | out: lppt=0x22b71e0) returned 1 [0218.843] DrawThemeParentBackground () returned 0x0 [0218.844] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0218.844] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0218.844] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0218.844] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0218.844] GetSystemMetrics (nIndex=42) returned 0 [0218.844] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0218.844] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0218.844] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0218.844] GetCurrentObject (hdc=0x4c01021e, type=0x1) returned 0x1b00017 [0218.844] GetCurrentObject (hdc=0x4c01021e, type=0x2) returned 0x1900010 [0218.844] GetCurrentObject (hdc=0x4c01021e, type=0x7) returned 0xa05082d [0218.844] GetCurrentObject (hdc=0x4c01021e, type=0x6) returned 0x18a002e [0218.844] SaveDC (hdc=0x4c01021e) returned 2 [0218.844] GetNearestColor (hdc=0x4c01021e, color=0x0) returned 0x0 [0218.844] CreateSolidBrush (color=0x0) returned 0x5510081f [0218.844] FillRect (hDC=0x4c01021e, lprc=0x29cb98, hbr=0x5510081f) returned 1 [0218.844] DeleteObject (ho=0x5510081f) returned 1 [0218.844] RestoreDC (hdc=0x4c01021e, nSavedDC=-1) returned 1 [0218.845] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0218.845] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0218.845] GetSystemMetrics (nIndex=42) returned 0 [0218.845] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0218.845] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0218.845] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0218.845] GetCurrentObject (hdc=0x4c01021e, type=0x1) returned 0x1b00017 [0218.845] GetCurrentObject (hdc=0x4c01021e, type=0x2) returned 0x1900010 [0218.845] GetCurrentObject (hdc=0x4c01021e, type=0x7) returned 0xa05082d [0218.845] GetCurrentObject (hdc=0x4c01021e, type=0x6) returned 0x18a002e [0218.845] SaveDC (hdc=0x4c01021e) returned 2 [0218.845] GetNearestColor (hdc=0x4c01021e, color=0x0) returned 0x0 [0218.845] CreateSolidBrush (color=0x0) returned 0x5610081f [0218.845] FillRect (hDC=0x4c01021e, lprc=0x29cac8, hbr=0x5610081f) returned 1 [0218.845] DeleteObject (ho=0x5610081f) returned 1 [0218.845] RestoreDC (hdc=0x4c01021e, nSavedDC=-1) returned 1 [0218.845] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0218.845] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0218.845] GetSystemMetrics (nIndex=42) returned 0 [0218.845] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0218.845] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0218.846] RestoreDC (hdc=0x4c01021e, nSavedDC=-1) returned 1 [0218.846] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4c01021e) returned 0x0 [0218.846] IsAppThemed () returned 0x1 [0218.846] GetThemeAppProperties () returned 0x3 [0218.846] GetThemeAppProperties () returned 0x3 [0218.846] IsAppThemed () returned 0x1 [0218.846] GetThemeAppProperties () returned 0x3 [0218.846] GetThemeAppProperties () returned 0x3 [0218.846] IsThemePartDefined () returned 0x1 [0218.846] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0218.846] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0218.846] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0218.846] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0218.846] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0218.846] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0218.846] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0218.846] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0218.846] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0218.846] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0218.846] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0218.846] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0218.846] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0218.847] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0218.847] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0218.847] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0218.847] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0218.847] GetCurrentObject (hdc=0x4c01021e, type=0x1) returned 0x1b00017 [0218.847] GetCurrentObject (hdc=0x4c01021e, type=0x2) returned 0x1900010 [0218.847] GetCurrentObject (hdc=0x4c01021e, type=0x7) returned 0xa05082d [0218.847] GetCurrentObject (hdc=0x4c01021e, type=0x6) returned 0x18a002e [0218.847] SaveDC (hdc=0x4c01021e) returned 1 [0218.847] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x71040812 [0218.847] GetClipRgn (hdc=0x4c01021e, hrgn=0x71040812) returned 0 [0218.847] SelectClipRgn (hdc=0x4c01021e, hrgn=0xffffffffbe040228) returned 2 [0218.847] DeleteObject (ho=0x71040812) returned 1 [0218.847] DeleteObject (ho=0xffffffffbe040228) returned 1 [0218.847] OffsetViewportOrgEx (in: hdc=0x4c01021e, x=0, y=0, lppt=0x22b82e8 | out: lppt=0x22b82e8) returned 1 [0218.847] IsAppThemed () returned 0x1 [0218.847] GetThemeAppProperties () returned 0x3 [0218.847] GetThemeAppProperties () returned 0x3 [0218.847] DrawThemeBackground () returned 0x0 [0218.847] RestoreDC (hdc=0x4c01021e, nSavedDC=-1) returned 1 [0218.848] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4c01021e) returned 0x0 [0218.848] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0218.848] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0218.848] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0218.848] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0218.848] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0218.848] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0218.848] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0218.848] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0218.848] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0218.848] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0218.848] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0218.848] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0218.848] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0218.848] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0218.848] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0218.848] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0218.848] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0218.848] GetCurrentObject (hdc=0x4c01021e, type=0x1) returned 0x1b00017 [0218.848] GetCurrentObject (hdc=0x4c01021e, type=0x2) returned 0x1900010 [0218.848] GetCurrentObject (hdc=0x4c01021e, type=0x7) returned 0xa05082d [0218.849] GetCurrentObject (hdc=0x4c01021e, type=0x6) returned 0x18a002e [0218.849] SaveDC (hdc=0x4c01021e) returned 1 [0218.849] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffbf040228 [0218.849] GetClipRgn (hdc=0x4c01021e, hrgn=0xffffffffbf040228) returned 0 [0218.849] SelectClipRgn (hdc=0x4c01021e, hrgn=0x72040812) returned 2 [0218.849] DeleteObject (ho=0xffffffffbf040228) returned 1 [0218.849] DeleteObject (ho=0x72040812) returned 1 [0218.849] OffsetViewportOrgEx (in: hdc=0x4c01021e, x=0, y=0, lppt=0x22b87c0 | out: lppt=0x22b87c0) returned 1 [0218.849] IsAppThemed () returned 0x1 [0218.849] GetThemeAppProperties () returned 0x3 [0218.849] GetThemeAppProperties () returned 0x3 [0218.849] GetThemeBackgroundContentRect () returned 0x0 [0218.849] RestoreDC (hdc=0x4c01021e, nSavedDC=-1) returned 1 [0218.849] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4c01021e) returned 0x0 [0218.849] IsAppThemed () returned 0x1 [0218.849] GetThemeAppProperties () returned 0x3 [0218.849] GetThemeAppProperties () returned 0x3 [0218.849] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0218.849] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0218.849] GetCurrentObject (hdc=0x4c01021e, type=0x1) returned 0x1b00017 [0218.849] GetCurrentObject (hdc=0x4c01021e, type=0x2) returned 0x1900010 [0218.849] GetCurrentObject (hdc=0x4c01021e, type=0x7) returned 0xa05082d [0218.849] GetCurrentObject (hdc=0x4c01021e, type=0x6) returned 0x18a002e [0218.850] SaveDC (hdc=0x4c01021e) returned 1 [0218.850] GetTextAlign (hdc=0x4c01021e) returned 0x0 [0218.850] GetTextColor (hdc=0x4c01021e) returned 0x0 [0218.850] SetTextColor (hdc=0x4c01021e, color=0x8b) returned 0x0 [0218.850] GetCurrentObject (hdc=0x4c01021e, type=0x6) returned 0x18a002e [0218.850] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0218.850] SelectObject (hdc=0x4c01021e, h=0x90a0819) returned 0x18a002e [0218.850] GetBkMode (hdc=0x4c01021e) returned 2 [0218.850] SetBkMode (hdc=0x4c01021e, mode=1) returned 2 [0218.850] DrawTextExW (in: hdc=0x4c01021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22b8e48 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0218.850] DrawTextExW (in: hdc=0x4c01021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22b8e48 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0218.850] RestoreDC (hdc=0x4c01021e, nSavedDC=-1) returned 1 [0218.851] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4c01021e) returned 0x0 [0218.851] GetFocus () returned 0x201ba [0218.851] IsAppThemed () returned 0x1 [0218.851] GetThemeAppProperties () returned 0x3 [0218.851] GetThemeAppProperties () returned 0x3 [0218.851] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0218.851] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x4c01021e, x1=0, y1=0, rop=0xcc0020) returned 1 [0218.851] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4c01021e) returned 0x0 [0218.851] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0218.851] SelectObject (hdc=0x4c01021e, h=0x185000f) returned 0xa05082d [0218.851] DeleteDC (hdc=0x4c01021e) returned 1 [0218.851] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0218.851] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0218.851] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22b8fb0, cPoints=0x1 | out: lpPoints=0x22b8fb0) returned 22938228 [0218.851] WindowFromPoint (Point=0x171000002f6) returned 0x201ba [0218.851] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102f6) returned 0x1 [0218.851] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0218.851] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0218.851] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0218.852] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0218.852] GetSystemMetrics (nIndex=42) returned 0 [0218.852] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9b46a0 [0218.852] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9b46a0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0218.852] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9b46a0) returned 0x158 [0218.852] CoTaskMemFree (pv=0x1a9b46a0) [0218.853] OleSetClipboard (pDataObj=0x2def28) returned 0x0 [0218.854] OleFlushClipboard () returned 0x0 [0218.854] GlobalReAlloc (hMem=0x1bee00d8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00d8 [0218.854] GlobalLock (hMem=0x1bee00d8) returned 0x1a99d6a0 [0218.854] RtlMoveMemory (in: Destination=0x1a99d6a0, Source=0x22b9e98, Length=0x2b0 | out: Destination=0x1a99d6a0) [0218.854] GlobalUnlock (hMem=0x1bee00d8) returned 0 [0218.855] GetCapture () returned 0x201ba [0218.855] ReleaseCapture () returned 1 [0218.855] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0218.855] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0218.855] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102f6) returned 0x1 [0218.855] IsWindowUnicode (hWnd=0x201ba) returned 1 [0218.855] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0218.855] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17102f6) returned 0x1 [0218.855] SetCursor (hCursor=0x10003) returned 0x10003 [0218.855] TranslateMessage (lpMsg=0x29ea50) returned 0 [0218.855] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0218.855] GetKeyState (nVirtKey=1) returned 0 [0218.855] GetKeyState (nVirtKey=2) returned 0 [0218.855] GetKeyState (nVirtKey=4) returned 0 [0218.855] GetKeyState (nVirtKey=5) returned 0 [0218.855] GetKeyState (nVirtKey=6) returned 0 [0218.856] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0218.856] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0218.856] WaitMessage () returned 1 [0221.783] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0221.784] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16a02aa) returned 0x1 [0221.784] IsWindowUnicode (hWnd=0x201ba) returned 1 [0221.784] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0221.784] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16a02aa) returned 0x1 [0221.784] SetCursor (hCursor=0x10003) returned 0x10003 [0221.784] TranslateMessage (lpMsg=0x29ea50) returned 0 [0221.784] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0221.784] GetKeyState (nVirtKey=1) returned 0 [0221.784] GetKeyState (nVirtKey=2) returned 0 [0221.784] GetKeyState (nVirtKey=4) returned 0 [0221.784] GetKeyState (nVirtKey=5) returned 0 [0221.784] GetKeyState (nVirtKey=6) returned 0 [0221.784] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0221.784] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0221.784] WaitMessage () returned 1 [0221.885] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0221.885] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16a02aa) returned 0x1 [0221.885] IsWindowUnicode (hWnd=0x201ba) returned 1 [0221.885] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0221.885] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16a02aa) returned 0x1 [0221.885] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0221.886] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xbd0146) returned 0x0 [0221.886] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0221.886] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0221.886] SetCursor (hCursor=0x10003) returned 0x10003 [0221.886] TranslateMessage (lpMsg=0x29ea50) returned 0 [0221.886] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0221.886] GetKeyState (nVirtKey=1) returned -127 [0221.886] GetKeyState (nVirtKey=2) returned 0 [0221.886] GetKeyState (nVirtKey=4) returned 0 [0221.886] GetKeyState (nVirtKey=5) returned 0 [0221.886] GetKeyState (nVirtKey=6) returned 0 [0221.886] IsWindowVisible (hWnd=0x201ba) returned 1 [0221.886] IsWindowEnabled (hWnd=0x201ba) returned 1 [0221.886] SetFocus (hWnd=0x201ba) returned 0x201ba [0221.886] GetFocus () returned 0x201ba [0221.886] GetFocus () returned 0x201ba [0221.886] GetFocus () returned 0x201ba [0221.886] GetKeyState (nVirtKey=1) returned -127 [0221.886] GetKeyState (nVirtKey=2) returned 0 [0221.886] GetKeyState (nVirtKey=4) returned 0 [0221.886] GetKeyState (nVirtKey=5) returned 0 [0221.886] GetKeyState (nVirtKey=6) returned 0 [0221.886] GetCapture () returned 0x0 [0221.886] SetCapture (hWnd=0x201ba) returned 0x0 [0221.886] GetKeyState (nVirtKey=1) returned -127 [0221.886] GetKeyState (nVirtKey=2) returned 0 [0221.886] GetKeyState (nVirtKey=4) returned 0 [0221.886] GetKeyState (nVirtKey=5) returned 0 [0221.886] GetKeyState (nVirtKey=6) returned 0 [0221.887] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0221.887] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0221.887] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0221.887] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0221.887] TranslateMessage (lpMsg=0x29ea50) returned 0 [0221.887] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0221.887] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0221.887] IsWindowUnicode (hWnd=0x201ba) returned 1 [0221.887] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0221.887] TranslateMessage (lpMsg=0x29ea50) returned 0 [0221.887] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0221.887] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22ba278, cPoints=0x1 | out: lpPoints=0x22ba278) returned 22938228 [0221.887] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0221.887] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0221.887] UpdateWindow (hWnd=0x201ba) returned 1 [0221.887] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0221.887] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0221.887] CreateCompatibleDC (hdc=0x501080c) returned 0x4d01021e [0221.887] SelectObject (hdc=0x4d01021e, h=0xa05082d) returned 0x185000f [0221.887] GdipCreateFromHDC (hdc=0x4d01021e, graphics=0x29da18) returned 0x0 [0221.887] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0221.887] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0221.887] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0221.887] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0221.887] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0221.887] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0221.887] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0221.888] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0221.888] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0221.888] GdipCreateRegion (region=0x29da40) returned 0x0 [0221.888] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0221.888] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29daa0) returned 0x0 [0221.888] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29db40) returned 0x0 [0221.888] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd840dbd) returned 0x0 [0221.888] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0221.888] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d7b8) returned 0x0 [0221.888] GetCurrentObject (hdc=0x4d01021e, type=0x1) returned 0x1b00017 [0221.888] GetCurrentObject (hdc=0x4d01021e, type=0x2) returned 0x1900010 [0221.888] GetCurrentObject (hdc=0x4d01021e, type=0x7) returned 0xa05082d [0221.888] GetCurrentObject (hdc=0x4d01021e, type=0x6) returned 0x18a002e [0221.888] SaveDC (hdc=0x4d01021e) returned 1 [0221.888] GetNearestColor (hdc=0x4d01021e, color=0x0) returned 0x0 [0221.888] GetNearestColor (hdc=0x4d01021e, color=0x0) returned 0x0 [0221.888] GetNearestColor (hdc=0x4d01021e, color=0x0) returned 0x0 [0221.888] GetNearestColor (hdc=0x4d01021e, color=0x989898) returned 0x989898 [0221.888] GetNearestColor (hdc=0x4d01021e, color=0x8b) returned 0x8b [0221.888] GetNearestColor (hdc=0x4d01021e, color=0x7f7f7f) returned 0x7f7f7f [0221.888] GetNearestColor (hdc=0x4d01021e, color=0x989898) returned 0x989898 [0221.888] GetNearestColor (hdc=0x4d01021e, color=0x0) returned 0x0 [0221.889] GetNearestColor (hdc=0x4d01021e, color=0x8b) returned 0x8b [0221.889] RestoreDC (hdc=0x4d01021e, nSavedDC=-1) returned 1 [0221.889] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4d01021e) returned 0x0 [0221.889] IsAppThemed () returned 0x1 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] IsAppThemed () returned 0x1 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x22bae50 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0221.889] IsAppThemed () returned 0x1 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] IsAppThemed () returned 0x1 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] IsAppThemed () returned 0x1 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] IsAppThemed () returned 0x1 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] IsThemePartDefined () returned 0x1 [0221.889] IsAppThemed () returned 0x1 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0221.889] IsAppThemed () returned 0x1 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] GetThemeAppProperties () returned 0x3 [0221.889] IsAppThemed () returned 0x1 [0221.890] GetThemeAppProperties () returned 0x3 [0221.890] GetThemeAppProperties () returned 0x3 [0221.890] IsThemePartDefined () returned 0x1 [0221.890] GdipCreateRegion (region=0x29d520) returned 0x0 [0221.890] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0221.890] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0221.890] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0221.890] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0221.890] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0221.890] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0221.890] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0221.890] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0221.890] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0221.890] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0221.890] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0221.890] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5f0) returned 0x0 [0221.890] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5b0) returned 0x0 [0221.890] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d5b0) returned 0x0 [0221.890] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0221.890] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d5f8) returned 0x0 [0221.890] GetCurrentObject (hdc=0x4d01021e, type=0x1) returned 0x1b00017 [0221.890] GetCurrentObject (hdc=0x4d01021e, type=0x2) returned 0x1900010 [0221.890] GetCurrentObject (hdc=0x4d01021e, type=0x7) returned 0xa05082d [0221.890] GetCurrentObject (hdc=0x4d01021e, type=0x6) returned 0x18a002e [0221.890] SaveDC (hdc=0x4d01021e) returned 1 [0221.890] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x73040812 [0221.891] GetClipRgn (hdc=0x4d01021e, hrgn=0x73040812) returned 0 [0221.891] SelectClipRgn (hdc=0x4d01021e, hrgn=0xffffffffc3040228) returned 2 [0221.891] DeleteObject (ho=0x73040812) returned 1 [0221.891] DeleteObject (ho=0xffffffffc3040228) returned 1 [0221.891] OffsetViewportOrgEx (in: hdc=0x4d01021e, x=0, y=0, lppt=0x22bb838 | out: lppt=0x22bb838) returned 1 [0221.891] DrawThemeParentBackground () returned 0x0 [0221.891] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0221.891] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0221.891] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0221.891] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0221.891] GetSystemMetrics (nIndex=42) returned 0 [0221.891] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0221.891] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0221.891] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0221.891] GetCurrentObject (hdc=0x4d01021e, type=0x1) returned 0x1b00017 [0221.891] GetCurrentObject (hdc=0x4d01021e, type=0x2) returned 0x1900010 [0221.891] GetCurrentObject (hdc=0x4d01021e, type=0x7) returned 0xa05082d [0221.891] GetCurrentObject (hdc=0x4d01021e, type=0x6) returned 0x18a002e [0221.891] SaveDC (hdc=0x4d01021e) returned 2 [0221.891] GetNearestColor (hdc=0x4d01021e, color=0x0) returned 0x0 [0221.891] CreateSolidBrush (color=0x0) returned 0x5710081f [0221.891] FillRect (hDC=0x4d01021e, lprc=0x29cb98, hbr=0x5710081f) returned 1 [0221.891] DeleteObject (ho=0x5710081f) returned 1 [0221.891] RestoreDC (hdc=0x4d01021e, nSavedDC=-1) returned 1 [0221.892] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0221.892] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0221.892] GetSystemMetrics (nIndex=42) returned 0 [0221.892] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0221.892] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0221.892] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0221.892] GetCurrentObject (hdc=0x4d01021e, type=0x1) returned 0x1b00017 [0221.892] GetCurrentObject (hdc=0x4d01021e, type=0x2) returned 0x1900010 [0221.892] GetCurrentObject (hdc=0x4d01021e, type=0x7) returned 0xa05082d [0221.892] GetCurrentObject (hdc=0x4d01021e, type=0x6) returned 0x18a002e [0221.892] SaveDC (hdc=0x4d01021e) returned 2 [0221.892] GetNearestColor (hdc=0x4d01021e, color=0x0) returned 0x0 [0221.892] CreateSolidBrush (color=0x0) returned 0x5810081f [0221.892] FillRect (hDC=0x4d01021e, lprc=0x29cac8, hbr=0x5810081f) returned 1 [0221.892] DeleteObject (ho=0x5810081f) returned 1 [0221.892] RestoreDC (hdc=0x4d01021e, nSavedDC=-1) returned 1 [0221.892] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0221.892] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0221.892] GetSystemMetrics (nIndex=42) returned 0 [0221.892] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0221.892] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0221.892] RestoreDC (hdc=0x4d01021e, nSavedDC=-1) returned 1 [0221.893] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4d01021e) returned 0x0 [0221.893] IsAppThemed () returned 0x1 [0221.893] GetThemeAppProperties () returned 0x3 [0221.893] GetThemeAppProperties () returned 0x3 [0221.893] IsAppThemed () returned 0x1 [0221.893] GetThemeAppProperties () returned 0x3 [0221.893] GetThemeAppProperties () returned 0x3 [0221.893] IsThemePartDefined () returned 0x1 [0221.893] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0221.893] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0221.893] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0221.893] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0221.893] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0221.893] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0221.893] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0221.893] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0221.893] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0221.893] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0221.893] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0221.893] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0221.893] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d590) returned 0x0 [0221.893] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d550) returned 0x0 [0221.893] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d550) returned 0x0 [0221.893] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0221.893] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d598) returned 0x0 [0221.893] GetCurrentObject (hdc=0x4d01021e, type=0x1) returned 0x1b00017 [0221.893] GetCurrentObject (hdc=0x4d01021e, type=0x2) returned 0x1900010 [0221.893] GetCurrentObject (hdc=0x4d01021e, type=0x7) returned 0xa05082d [0221.893] GetCurrentObject (hdc=0x4d01021e, type=0x6) returned 0x18a002e [0221.893] SaveDC (hdc=0x4d01021e) returned 1 [0221.894] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffc4040228 [0221.894] GetClipRgn (hdc=0x4d01021e, hrgn=0xffffffffc4040228) returned 0 [0221.894] SelectClipRgn (hdc=0x4d01021e, hrgn=0x75040812) returned 2 [0221.894] DeleteObject (ho=0xffffffffc4040228) returned 1 [0221.894] DeleteObject (ho=0x75040812) returned 1 [0221.894] OffsetViewportOrgEx (in: hdc=0x4d01021e, x=0, y=0, lppt=0x22bc940 | out: lppt=0x22bc940) returned 1 [0221.894] IsAppThemed () returned 0x1 [0221.894] GetThemeAppProperties () returned 0x3 [0221.894] GetThemeAppProperties () returned 0x3 [0221.894] DrawThemeBackground () returned 0x0 [0221.894] RestoreDC (hdc=0x4d01021e, nSavedDC=-1) returned 1 [0221.894] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4d01021e) returned 0x0 [0221.894] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0221.894] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0221.894] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0221.894] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0221.894] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0221.894] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0221.894] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0221.894] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0221.894] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0221.894] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0221.894] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0221.894] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0221.894] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d580) returned 0x0 [0221.894] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d540) returned 0x0 [0221.894] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d540) returned 0x0 [0221.895] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0221.895] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d588) returned 0x0 [0221.895] GetCurrentObject (hdc=0x4d01021e, type=0x1) returned 0x1b00017 [0221.895] GetCurrentObject (hdc=0x4d01021e, type=0x2) returned 0x1900010 [0221.895] GetCurrentObject (hdc=0x4d01021e, type=0x7) returned 0xa05082d [0221.895] GetCurrentObject (hdc=0x4d01021e, type=0x6) returned 0x18a002e [0221.895] SaveDC (hdc=0x4d01021e) returned 1 [0221.895] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x76040812 [0221.895] GetClipRgn (hdc=0x4d01021e, hrgn=0x76040812) returned 0 [0221.895] SelectClipRgn (hdc=0x4d01021e, hrgn=0xffffffffc5040228) returned 2 [0221.895] DeleteObject (ho=0x76040812) returned 1 [0221.895] DeleteObject (ho=0xffffffffc5040228) returned 1 [0221.895] OffsetViewportOrgEx (in: hdc=0x4d01021e, x=0, y=0, lppt=0x22bce18 | out: lppt=0x22bce18) returned 1 [0221.895] IsAppThemed () returned 0x1 [0221.895] GetThemeAppProperties () returned 0x3 [0221.895] GetThemeAppProperties () returned 0x3 [0221.895] GetThemeBackgroundContentRect () returned 0x0 [0221.895] RestoreDC (hdc=0x4d01021e, nSavedDC=-1) returned 1 [0221.895] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4d01021e) returned 0x0 [0221.895] IsAppThemed () returned 0x1 [0221.895] GetThemeAppProperties () returned 0x3 [0221.895] GetThemeAppProperties () returned 0x3 [0221.895] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29d768) returned 0x0 [0221.895] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d748) returned 0x0 [0221.895] GetCurrentObject (hdc=0x4d01021e, type=0x1) returned 0x1b00017 [0221.895] GetCurrentObject (hdc=0x4d01021e, type=0x2) returned 0x1900010 [0221.895] GetCurrentObject (hdc=0x4d01021e, type=0x7) returned 0xa05082d [0221.895] GetCurrentObject (hdc=0x4d01021e, type=0x6) returned 0x18a002e [0221.895] SaveDC (hdc=0x4d01021e) returned 1 [0221.896] GetTextAlign (hdc=0x4d01021e) returned 0x0 [0221.896] GetTextColor (hdc=0x4d01021e) returned 0x0 [0221.896] SetTextColor (hdc=0x4d01021e, color=0x8b) returned 0x0 [0221.896] GetCurrentObject (hdc=0x4d01021e, type=0x6) returned 0x18a002e [0221.896] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0221.896] SelectObject (hdc=0x4d01021e, h=0x90a0819) returned 0x18a002e [0221.896] GetBkMode (hdc=0x4d01021e) returned 2 [0221.896] SetBkMode (hdc=0x4d01021e, mode=1) returned 2 [0221.896] DrawTextExW (in: hdc=0x4d01021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22bd4a0 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0221.896] DrawTextExW (in: hdc=0x4d01021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22bd4a0 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0221.896] RestoreDC (hdc=0x4d01021e, nSavedDC=-1) returned 1 [0221.896] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4d01021e) returned 0x0 [0221.896] GetFocus () returned 0x201ba [0221.896] IsAppThemed () returned 0x1 [0221.896] GetThemeAppProperties () returned 0x3 [0221.896] GetThemeAppProperties () returned 0x3 [0221.896] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29da58) returned 0x0 [0221.896] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x4d01021e, x1=0, y1=0, rop=0xcc0020) returned 1 [0221.896] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4d01021e) returned 0x0 [0221.896] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0221.897] SelectObject (hdc=0x4d01021e, h=0x185000f) returned 0xa05082d [0221.897] DeleteDC (hdc=0x4d01021e) returned 1 [0221.897] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0221.897] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0221.897] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22bd608, cPoints=0x1 | out: lpPoints=0x22bd608) returned 22938228 [0221.897] WindowFromPoint (Point=0x16a000002aa) returned 0x201ba [0221.897] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16a02aa) returned 0x1 [0221.897] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0221.897] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0221.897] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0221.897] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0221.897] GetSystemMetrics (nIndex=42) returned 0 [0221.897] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9b46a0 [0221.897] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9b46a0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0221.897] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9b46a0) returned 0x158 [0221.897] CoTaskMemFree (pv=0x1a9b46a0) [0221.898] OleSetClipboard (pDataObj=0x2dee28) returned 0x0 [0221.899] OleFlushClipboard () returned 0x0 [0221.899] GlobalReAlloc (hMem=0x1bee00e8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00e8 [0221.899] GlobalLock (hMem=0x1bee00e8) returned 0x1a99d6a0 [0221.899] RtlMoveMemory (in: Destination=0x1a99d6a0, Source=0x22be4f0, Length=0x2b0 | out: Destination=0x1a99d6a0) [0221.899] GlobalUnlock (hMem=0x1bee00e8) returned 0 [0221.900] GetCapture () returned 0x201ba [0221.900] ReleaseCapture () returned 1 [0221.900] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0221.900] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0221.900] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16a02aa) returned 0x1 [0221.900] IsWindowUnicode (hWnd=0x201ba) returned 1 [0221.900] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0221.900] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16a02aa) returned 0x1 [0221.900] SetCursor (hCursor=0x10003) returned 0x10003 [0221.900] TranslateMessage (lpMsg=0x29ea50) returned 0 [0221.900] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0221.900] GetKeyState (nVirtKey=1) returned 1 [0221.900] GetKeyState (nVirtKey=2) returned 0 [0221.900] GetKeyState (nVirtKey=4) returned 0 [0221.900] GetKeyState (nVirtKey=5) returned 0 [0221.900] GetKeyState (nVirtKey=6) returned 0 [0221.900] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0221.900] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0221.900] WaitMessage () returned 1 [0224.828] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0224.828] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17602c3) returned 0x1 [0224.828] IsWindowUnicode (hWnd=0x201ba) returned 1 [0224.828] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0224.828] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17602c3) returned 0x1 [0224.829] SetCursor (hCursor=0x10003) returned 0x10003 [0224.829] TranslateMessage (lpMsg=0x29ea50) returned 0 [0224.829] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0224.829] GetKeyState (nVirtKey=1) returned 1 [0224.829] GetKeyState (nVirtKey=2) returned 0 [0224.829] GetKeyState (nVirtKey=4) returned 0 [0224.829] GetKeyState (nVirtKey=5) returned 0 [0224.829] GetKeyState (nVirtKey=6) returned 0 [0224.829] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0224.829] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0224.829] WaitMessage () returned 1 [0224.904] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0224.904] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17602c3) returned 0x1 [0224.905] IsWindowUnicode (hWnd=0x201ba) returned 1 [0224.905] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0224.905] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17602c3) returned 0x1 [0224.905] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0224.905] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xc9015f) returned 0x0 [0224.905] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0224.905] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0224.905] SetCursor (hCursor=0x10003) returned 0x10003 [0224.905] TranslateMessage (lpMsg=0x29ea50) returned 0 [0224.905] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0224.905] GetKeyState (nVirtKey=1) returned -128 [0224.905] GetKeyState (nVirtKey=2) returned 0 [0224.905] GetKeyState (nVirtKey=4) returned 0 [0224.905] GetKeyState (nVirtKey=5) returned 0 [0224.906] GetKeyState (nVirtKey=6) returned 0 [0224.906] IsWindowVisible (hWnd=0x201ba) returned 1 [0224.906] IsWindowEnabled (hWnd=0x201ba) returned 1 [0224.906] SetFocus (hWnd=0x201ba) returned 0x201ba [0224.906] GetFocus () returned 0x201ba [0224.906] GetFocus () returned 0x201ba [0224.906] GetFocus () returned 0x201ba [0224.906] GetKeyState (nVirtKey=1) returned -128 [0224.906] GetKeyState (nVirtKey=2) returned 0 [0224.906] GetKeyState (nVirtKey=4) returned 0 [0224.906] GetKeyState (nVirtKey=5) returned 0 [0224.906] GetKeyState (nVirtKey=6) returned 0 [0224.906] GetCapture () returned 0x0 [0224.906] SetCapture (hWnd=0x201ba) returned 0x0 [0224.906] GetKeyState (nVirtKey=1) returned -128 [0224.906] GetKeyState (nVirtKey=2) returned 0 [0224.906] GetKeyState (nVirtKey=4) returned 0 [0224.906] GetKeyState (nVirtKey=5) returned 0 [0224.906] GetKeyState (nVirtKey=6) returned 0 [0224.906] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0224.906] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0224.906] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0224.906] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0224.906] TranslateMessage (lpMsg=0x29ea50) returned 0 [0224.906] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0224.906] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0224.906] IsWindowUnicode (hWnd=0x201ba) returned 1 [0224.906] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0224.906] TranslateMessage (lpMsg=0x29ea50) returned 0 [0224.906] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0224.906] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22be8d0, cPoints=0x1 | out: lpPoints=0x22be8d0) returned 22938228 [0224.906] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0224.906] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0224.906] UpdateWindow (hWnd=0x201ba) returned 1 [0224.907] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0224.907] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0224.907] CreateCompatibleDC (hdc=0x501080c) returned 0x4e01021e [0224.907] SelectObject (hdc=0x4e01021e, h=0xa05082d) returned 0x185000f [0224.907] GdipCreateFromHDC (hdc=0x4e01021e, graphics=0x29da18) returned 0x0 [0224.907] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0224.907] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0224.907] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0224.907] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0224.907] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0224.907] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0224.907] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0224.907] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0224.907] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0224.907] GdipCreateRegion (region=0x29da40) returned 0x0 [0224.907] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0224.907] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0224.907] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0224.907] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd820dbd) returned 0x0 [0224.908] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0224.908] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0224.908] GetCurrentObject (hdc=0x4e01021e, type=0x1) returned 0x1b00017 [0224.908] GetCurrentObject (hdc=0x4e01021e, type=0x2) returned 0x1900010 [0224.908] GetCurrentObject (hdc=0x4e01021e, type=0x7) returned 0xa05082d [0224.908] GetCurrentObject (hdc=0x4e01021e, type=0x6) returned 0x18a002e [0224.908] SaveDC (hdc=0x4e01021e) returned 1 [0224.908] GetNearestColor (hdc=0x4e01021e, color=0x0) returned 0x0 [0224.908] GetNearestColor (hdc=0x4e01021e, color=0x0) returned 0x0 [0224.908] GetNearestColor (hdc=0x4e01021e, color=0x0) returned 0x0 [0224.908] GetNearestColor (hdc=0x4e01021e, color=0x989898) returned 0x989898 [0224.908] GetNearestColor (hdc=0x4e01021e, color=0x8b) returned 0x8b [0224.908] GetNearestColor (hdc=0x4e01021e, color=0x7f7f7f) returned 0x7f7f7f [0224.908] GetNearestColor (hdc=0x4e01021e, color=0x989898) returned 0x989898 [0224.908] GetNearestColor (hdc=0x4e01021e, color=0x0) returned 0x0 [0224.908] GetNearestColor (hdc=0x4e01021e, color=0x8b) returned 0x8b [0224.908] RestoreDC (hdc=0x4e01021e, nSavedDC=-1) returned 1 [0224.908] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4e01021e) returned 0x0 [0224.909] IsAppThemed () returned 0x1 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] IsAppThemed () returned 0x1 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x22bf4a8 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0224.909] IsAppThemed () returned 0x1 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] IsAppThemed () returned 0x1 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] IsAppThemed () returned 0x1 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] IsAppThemed () returned 0x1 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] IsThemePartDefined () returned 0x1 [0224.909] IsAppThemed () returned 0x1 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0224.909] IsAppThemed () returned 0x1 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] IsAppThemed () returned 0x1 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] GetThemeAppProperties () returned 0x3 [0224.909] IsThemePartDefined () returned 0x1 [0224.910] GdipCreateRegion (region=0x29d520) returned 0x0 [0224.910] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0224.910] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0224.910] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0224.910] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0224.910] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0224.910] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0224.910] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0224.910] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0224.910] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0224.910] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0224.910] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0224.910] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0224.910] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0224.910] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0224.910] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0224.910] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0224.910] GetCurrentObject (hdc=0x4e01021e, type=0x1) returned 0x1b00017 [0224.910] GetCurrentObject (hdc=0x4e01021e, type=0x2) returned 0x1900010 [0224.910] GetCurrentObject (hdc=0x4e01021e, type=0x7) returned 0xa05082d [0224.910] GetCurrentObject (hdc=0x4e01021e, type=0x6) returned 0x18a002e [0224.910] SaveDC (hdc=0x4e01021e) returned 1 [0224.911] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffc6040228 [0224.911] GetClipRgn (hdc=0x4e01021e, hrgn=0xffffffffc6040228) returned 0 [0224.911] SelectClipRgn (hdc=0x4e01021e, hrgn=0x7a040812) returned 2 [0224.911] DeleteObject (ho=0xffffffffc6040228) returned 1 [0224.911] DeleteObject (ho=0x7a040812) returned 1 [0224.911] OffsetViewportOrgEx (in: hdc=0x4e01021e, x=0, y=0, lppt=0x22bfe90 | out: lppt=0x22bfe90) returned 1 [0224.911] DrawThemeParentBackground () returned 0x0 [0224.911] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0224.911] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0224.911] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0224.911] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0224.911] GetSystemMetrics (nIndex=42) returned 0 [0224.911] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0224.911] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0224.911] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0224.911] GetCurrentObject (hdc=0x4e01021e, type=0x1) returned 0x1b00017 [0224.911] GetCurrentObject (hdc=0x4e01021e, type=0x2) returned 0x1900010 [0224.911] GetCurrentObject (hdc=0x4e01021e, type=0x7) returned 0xa05082d [0224.911] GetCurrentObject (hdc=0x4e01021e, type=0x6) returned 0x18a002e [0224.911] SaveDC (hdc=0x4e01021e) returned 2 [0224.911] GetNearestColor (hdc=0x4e01021e, color=0x0) returned 0x0 [0224.912] CreateSolidBrush (color=0x0) returned 0x5910081f [0224.912] FillRect (hDC=0x4e01021e, lprc=0x29cb98, hbr=0x5910081f) returned 1 [0224.912] DeleteObject (ho=0x5910081f) returned 1 [0224.912] RestoreDC (hdc=0x4e01021e, nSavedDC=-1) returned 1 [0224.912] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0224.912] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0224.912] GetSystemMetrics (nIndex=42) returned 0 [0224.912] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0224.912] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0224.912] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0224.912] GetCurrentObject (hdc=0x4e01021e, type=0x1) returned 0x1b00017 [0224.912] GetCurrentObject (hdc=0x4e01021e, type=0x2) returned 0x1900010 [0224.912] GetCurrentObject (hdc=0x4e01021e, type=0x7) returned 0xa05082d [0224.912] GetCurrentObject (hdc=0x4e01021e, type=0x6) returned 0x18a002e [0224.912] SaveDC (hdc=0x4e01021e) returned 2 [0224.912] GetNearestColor (hdc=0x4e01021e, color=0x0) returned 0x0 [0224.912] CreateSolidBrush (color=0x0) returned 0x5a10081f [0224.912] FillRect (hDC=0x4e01021e, lprc=0x29cac8, hbr=0x5a10081f) returned 1 [0224.912] DeleteObject (ho=0x5a10081f) returned 1 [0224.912] RestoreDC (hdc=0x4e01021e, nSavedDC=-1) returned 1 [0224.913] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0224.913] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0224.913] GetSystemMetrics (nIndex=42) returned 0 [0224.913] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0224.913] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0224.913] RestoreDC (hdc=0x4e01021e, nSavedDC=-1) returned 1 [0224.913] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4e01021e) returned 0x0 [0224.913] IsAppThemed () returned 0x1 [0224.913] GetThemeAppProperties () returned 0x3 [0224.913] GetThemeAppProperties () returned 0x3 [0224.913] IsAppThemed () returned 0x1 [0224.913] GetThemeAppProperties () returned 0x3 [0224.913] GetThemeAppProperties () returned 0x3 [0224.913] IsThemePartDefined () returned 0x1 [0224.913] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0224.913] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0224.913] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0224.913] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0224.913] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0224.913] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0224.913] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0224.913] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0224.913] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0224.913] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0224.913] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0224.914] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0224.914] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0224.914] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0224.914] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0224.914] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0224.914] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0224.914] GetCurrentObject (hdc=0x4e01021e, type=0x1) returned 0x1b00017 [0224.914] GetCurrentObject (hdc=0x4e01021e, type=0x2) returned 0x1900010 [0224.914] GetCurrentObject (hdc=0x4e01021e, type=0x7) returned 0xa05082d [0224.914] GetCurrentObject (hdc=0x4e01021e, type=0x6) returned 0x18a002e [0224.914] SaveDC (hdc=0x4e01021e) returned 1 [0224.914] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x7b040812 [0224.914] GetClipRgn (hdc=0x4e01021e, hrgn=0x7b040812) returned 0 [0224.914] SelectClipRgn (hdc=0x4e01021e, hrgn=0xffffffffc8040228) returned 2 [0224.914] DeleteObject (ho=0x7b040812) returned 1 [0224.914] DeleteObject (ho=0xffffffffc8040228) returned 1 [0224.914] OffsetViewportOrgEx (in: hdc=0x4e01021e, x=0, y=0, lppt=0x22c0f98 | out: lppt=0x22c0f98) returned 1 [0224.914] IsAppThemed () returned 0x1 [0224.914] GetThemeAppProperties () returned 0x3 [0224.914] GetThemeAppProperties () returned 0x3 [0224.914] DrawThemeBackground () returned 0x0 [0224.915] RestoreDC (hdc=0x4e01021e, nSavedDC=-1) returned 1 [0224.915] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4e01021e) returned 0x0 [0224.915] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0224.915] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0224.915] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0224.915] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0224.915] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0224.915] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0224.915] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0224.915] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0224.915] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0224.915] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0224.915] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0224.915] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0224.915] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0224.915] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0224.915] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0224.915] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0224.915] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0224.915] GetCurrentObject (hdc=0x4e01021e, type=0x1) returned 0x1b00017 [0224.915] GetCurrentObject (hdc=0x4e01021e, type=0x2) returned 0x1900010 [0224.915] GetCurrentObject (hdc=0x4e01021e, type=0x7) returned 0xa05082d [0224.915] GetCurrentObject (hdc=0x4e01021e, type=0x6) returned 0x18a002e [0224.916] SaveDC (hdc=0x4e01021e) returned 1 [0224.916] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffc9040228 [0224.916] GetClipRgn (hdc=0x4e01021e, hrgn=0xffffffffc9040228) returned 0 [0224.916] SelectClipRgn (hdc=0x4e01021e, hrgn=0x7c040812) returned 2 [0224.916] DeleteObject (ho=0xffffffffc9040228) returned 1 [0224.916] DeleteObject (ho=0x7c040812) returned 1 [0224.916] OffsetViewportOrgEx (in: hdc=0x4e01021e, x=0, y=0, lppt=0x22c1470 | out: lppt=0x22c1470) returned 1 [0224.916] IsAppThemed () returned 0x1 [0224.916] GetThemeAppProperties () returned 0x3 [0224.916] GetThemeAppProperties () returned 0x3 [0224.916] GetThemeBackgroundContentRect () returned 0x0 [0224.916] RestoreDC (hdc=0x4e01021e, nSavedDC=-1) returned 1 [0224.916] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4e01021e) returned 0x0 [0224.916] IsAppThemed () returned 0x1 [0224.916] GetThemeAppProperties () returned 0x3 [0224.916] GetThemeAppProperties () returned 0x3 [0224.916] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0224.916] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0224.916] GetCurrentObject (hdc=0x4e01021e, type=0x1) returned 0x1b00017 [0224.916] GetCurrentObject (hdc=0x4e01021e, type=0x2) returned 0x1900010 [0224.916] GetCurrentObject (hdc=0x4e01021e, type=0x7) returned 0xa05082d [0224.916] GetCurrentObject (hdc=0x4e01021e, type=0x6) returned 0x18a002e [0224.916] SaveDC (hdc=0x4e01021e) returned 1 [0224.917] GetTextAlign (hdc=0x4e01021e) returned 0x0 [0224.917] GetTextColor (hdc=0x4e01021e) returned 0x0 [0224.917] SetTextColor (hdc=0x4e01021e, color=0x8b) returned 0x0 [0224.917] GetCurrentObject (hdc=0x4e01021e, type=0x6) returned 0x18a002e [0224.917] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0224.917] SelectObject (hdc=0x4e01021e, h=0x90a0819) returned 0x18a002e [0224.917] GetBkMode (hdc=0x4e01021e) returned 2 [0224.917] SetBkMode (hdc=0x4e01021e, mode=1) returned 2 [0224.917] DrawTextExW (in: hdc=0x4e01021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22c1af8 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0224.917] DrawTextExW (in: hdc=0x4e01021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22c1af8 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0224.917] RestoreDC (hdc=0x4e01021e, nSavedDC=-1) returned 1 [0224.917] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4e01021e) returned 0x0 [0224.917] GetFocus () returned 0x201ba [0224.917] IsAppThemed () returned 0x1 [0224.918] GetThemeAppProperties () returned 0x3 [0224.918] GetThemeAppProperties () returned 0x3 [0224.918] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0224.918] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x4e01021e, x1=0, y1=0, rop=0xcc0020) returned 1 [0224.918] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4e01021e) returned 0x0 [0224.918] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0224.918] SelectObject (hdc=0x4e01021e, h=0x185000f) returned 0xa05082d [0224.918] DeleteDC (hdc=0x4e01021e) returned 1 [0224.918] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0224.918] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0224.918] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22c1c60, cPoints=0x1 | out: lpPoints=0x22c1c60) returned 22938228 [0224.918] WindowFromPoint (Point=0x176000002c3) returned 0x201ba [0224.918] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17602c3) returned 0x1 [0224.918] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0224.918] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0224.918] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0224.918] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0224.918] GetSystemMetrics (nIndex=42) returned 0 [0224.918] CoTaskMemAlloc (cb=0x2b6) returned 0x1a9b46a0 [0224.919] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a9b46a0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0224.919] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a9b46a0) returned 0x158 [0224.919] CoTaskMemFree (pv=0x1a9b46a0) [0224.920] OleSetClipboard (pDataObj=0x2ded28) returned 0x0 [0224.921] OleFlushClipboard () returned 0x0 [0224.921] GlobalReAlloc (hMem=0x1bee00b8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00b8 [0224.921] GlobalLock (hMem=0x1bee00b8) returned 0x1a99d6a0 [0224.921] RtlMoveMemory (in: Destination=0x1a99d6a0, Source=0x22c2b48, Length=0x2b0 | out: Destination=0x1a99d6a0) [0224.921] GlobalUnlock (hMem=0x1bee00b8) returned 0 [0224.922] GetCapture () returned 0x201ba [0224.922] ReleaseCapture () returned 1 [0224.922] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0224.922] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0224.922] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17602c3) returned 0x1 [0224.922] IsWindowUnicode (hWnd=0x201ba) returned 1 [0224.922] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0224.922] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17602c3) returned 0x1 [0224.922] SetCursor (hCursor=0x10003) returned 0x10003 [0224.922] TranslateMessage (lpMsg=0x29ea50) returned 0 [0224.922] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0224.922] GetKeyState (nVirtKey=1) returned 0 [0224.922] GetKeyState (nVirtKey=2) returned 0 [0224.922] GetKeyState (nVirtKey=4) returned 0 [0224.922] GetKeyState (nVirtKey=5) returned 0 [0224.922] GetKeyState (nVirtKey=6) returned 0 [0224.922] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0224.922] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0224.922] WaitMessage () returned 1 [0227.947] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0227.947] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e6) returned 0x1 [0227.947] IsWindowUnicode (hWnd=0x201ba) returned 1 [0227.947] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0227.947] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e6) returned 0x1 [0227.947] SetCursor (hCursor=0x10003) returned 0x10003 [0227.947] TranslateMessage (lpMsg=0x29ea50) returned 0 [0227.947] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0227.947] GetKeyState (nVirtKey=1) returned 0 [0227.947] GetKeyState (nVirtKey=2) returned 0 [0227.947] GetKeyState (nVirtKey=4) returned 0 [0227.947] GetKeyState (nVirtKey=5) returned 0 [0227.947] GetKeyState (nVirtKey=6) returned 0 [0227.947] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0227.947] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0227.947] WaitMessage () returned 1 [0228.024] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0228.024] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e6) returned 0x1 [0228.024] IsWindowUnicode (hWnd=0x201ba) returned 1 [0228.024] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0228.024] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e6) returned 0x1 [0228.025] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0228.025] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xc60182) returned 0x0 [0228.025] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0228.025] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0228.025] SetCursor (hCursor=0x10003) returned 0x10003 [0228.025] TranslateMessage (lpMsg=0x29ea50) returned 0 [0228.025] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0228.025] GetKeyState (nVirtKey=1) returned -127 [0228.025] GetKeyState (nVirtKey=2) returned 0 [0228.025] GetKeyState (nVirtKey=4) returned 0 [0228.025] GetKeyState (nVirtKey=5) returned 0 [0228.025] GetKeyState (nVirtKey=6) returned 0 [0228.025] IsWindowVisible (hWnd=0x201ba) returned 1 [0228.025] IsWindowEnabled (hWnd=0x201ba) returned 1 [0228.025] SetFocus (hWnd=0x201ba) returned 0x201ba [0228.025] GetFocus () returned 0x201ba [0228.025] GetFocus () returned 0x201ba [0228.025] GetFocus () returned 0x201ba [0228.025] GetKeyState (nVirtKey=1) returned -127 [0228.025] GetKeyState (nVirtKey=2) returned 0 [0228.026] GetKeyState (nVirtKey=4) returned 0 [0228.026] GetKeyState (nVirtKey=5) returned 0 [0228.026] GetKeyState (nVirtKey=6) returned 0 [0228.026] GetCapture () returned 0x0 [0228.026] SetCapture (hWnd=0x201ba) returned 0x0 [0228.026] GetKeyState (nVirtKey=1) returned -127 [0228.026] GetKeyState (nVirtKey=2) returned 0 [0228.026] GetKeyState (nVirtKey=4) returned 0 [0228.026] GetKeyState (nVirtKey=5) returned 0 [0228.026] GetKeyState (nVirtKey=6) returned 0 [0228.026] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0228.026] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0228.026] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0228.026] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0228.026] TranslateMessage (lpMsg=0x29ea50) returned 0 [0228.026] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0228.026] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0228.026] IsWindowUnicode (hWnd=0x201ba) returned 1 [0228.026] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0228.026] TranslateMessage (lpMsg=0x29ea50) returned 0 [0228.026] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0228.026] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22c2f28, cPoints=0x1 | out: lpPoints=0x22c2f28) returned 22938228 [0228.026] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0228.026] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0228.026] UpdateWindow (hWnd=0x201ba) returned 1 [0228.026] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0228.026] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0228.026] CreateCompatibleDC (hdc=0x501080c) returned 0x5201021e [0228.026] SelectObject (hdc=0x5201021e, h=0xa05082d) returned 0x185000f [0228.026] GdipCreateFromHDC (hdc=0x5201021e, graphics=0x29da18) returned 0x0 [0228.026] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0228.026] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0228.027] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0228.027] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0228.027] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0228.027] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0228.027] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0228.027] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0228.027] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0228.027] GdipCreateRegion (region=0x29da40) returned 0x0 [0228.027] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0228.027] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29daa0) returned 0x0 [0228.027] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29db40) returned 0x0 [0228.027] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd800dbd) returned 0x0 [0228.027] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0228.027] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d7b8) returned 0x0 [0228.027] GetCurrentObject (hdc=0x5201021e, type=0x1) returned 0x1b00017 [0228.027] GetCurrentObject (hdc=0x5201021e, type=0x2) returned 0x1900010 [0228.027] GetCurrentObject (hdc=0x5201021e, type=0x7) returned 0xa05082d [0228.027] GetCurrentObject (hdc=0x5201021e, type=0x6) returned 0x18a002e [0228.027] SaveDC (hdc=0x5201021e) returned 1 [0228.027] GetNearestColor (hdc=0x5201021e, color=0x0) returned 0x0 [0228.027] GetNearestColor (hdc=0x5201021e, color=0x0) returned 0x0 [0228.027] GetNearestColor (hdc=0x5201021e, color=0x0) returned 0x0 [0228.027] GetNearestColor (hdc=0x5201021e, color=0x989898) returned 0x989898 [0228.027] GetNearestColor (hdc=0x5201021e, color=0x8b) returned 0x8b [0228.028] GetNearestColor (hdc=0x5201021e, color=0x7f7f7f) returned 0x7f7f7f [0228.028] GetNearestColor (hdc=0x5201021e, color=0x989898) returned 0x989898 [0228.028] GetNearestColor (hdc=0x5201021e, color=0x0) returned 0x0 [0228.028] GetNearestColor (hdc=0x5201021e, color=0x8b) returned 0x8b [0228.028] RestoreDC (hdc=0x5201021e, nSavedDC=-1) returned 1 [0228.028] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x5201021e) returned 0x0 [0228.028] IsAppThemed () returned 0x1 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] IsAppThemed () returned 0x1 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x22c3b00 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0228.028] IsAppThemed () returned 0x1 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] IsAppThemed () returned 0x1 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] IsAppThemed () returned 0x1 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] IsAppThemed () returned 0x1 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] IsThemePartDefined () returned 0x1 [0228.028] IsAppThemed () returned 0x1 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] GetThemeAppProperties () returned 0x3 [0228.028] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0228.028] IsAppThemed () returned 0x1 [0228.029] GetThemeAppProperties () returned 0x3 [0228.029] GetThemeAppProperties () returned 0x3 [0228.029] IsAppThemed () returned 0x1 [0228.029] GetThemeAppProperties () returned 0x3 [0228.029] GetThemeAppProperties () returned 0x3 [0228.029] IsThemePartDefined () returned 0x1 [0228.029] GdipCreateRegion (region=0x29d520) returned 0x0 [0228.029] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0228.029] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0228.029] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0228.029] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0228.029] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0228.029] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0228.029] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0228.029] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0228.029] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0228.029] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0228.029] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0228.029] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5f0) returned 0x0 [0228.029] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d5b0) returned 0x0 [0228.029] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d5b0) returned 0x0 [0228.029] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0228.029] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d5f8) returned 0x0 [0228.029] GetCurrentObject (hdc=0x5201021e, type=0x1) returned 0x1b00017 [0228.029] GetCurrentObject (hdc=0x5201021e, type=0x2) returned 0x1900010 [0228.029] GetCurrentObject (hdc=0x5201021e, type=0x7) returned 0xa05082d [0228.029] GetCurrentObject (hdc=0x5201021e, type=0x6) returned 0x18a002e [0228.029] SaveDC (hdc=0x5201021e) returned 1 [0228.029] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x7d040812 [0228.030] GetClipRgn (hdc=0x5201021e, hrgn=0x7d040812) returned 0 [0228.030] SelectClipRgn (hdc=0x5201021e, hrgn=0xffffffffcd040228) returned 2 [0228.030] DeleteObject (ho=0x7d040812) returned 1 [0228.030] DeleteObject (ho=0xffffffffcd040228) returned 1 [0228.030] OffsetViewportOrgEx (in: hdc=0x5201021e, x=0, y=0, lppt=0x22c44e8 | out: lppt=0x22c44e8) returned 1 [0228.030] DrawThemeParentBackground () returned 0x0 [0228.030] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0228.030] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0228.030] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0228.030] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0228.030] GetSystemMetrics (nIndex=42) returned 0 [0228.030] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0228.030] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0228.030] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0228.030] GetCurrentObject (hdc=0x5201021e, type=0x1) returned 0x1b00017 [0228.030] GetCurrentObject (hdc=0x5201021e, type=0x2) returned 0x1900010 [0228.030] GetCurrentObject (hdc=0x5201021e, type=0x7) returned 0xa05082d [0228.030] GetCurrentObject (hdc=0x5201021e, type=0x6) returned 0x18a002e [0228.030] SaveDC (hdc=0x5201021e) returned 2 [0228.030] GetNearestColor (hdc=0x5201021e, color=0x0) returned 0x0 [0228.030] CreateSolidBrush (color=0x0) returned 0x5b10081f [0228.030] FillRect (hDC=0x5201021e, lprc=0x29cb98, hbr=0x5b10081f) returned 1 [0228.030] DeleteObject (ho=0x5b10081f) returned 1 [0228.030] RestoreDC (hdc=0x5201021e, nSavedDC=-1) returned 1 [0228.031] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0228.031] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0228.031] GetSystemMetrics (nIndex=42) returned 0 [0228.031] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0228.031] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0228.031] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0228.031] GetCurrentObject (hdc=0x5201021e, type=0x1) returned 0x1b00017 [0228.031] GetCurrentObject (hdc=0x5201021e, type=0x2) returned 0x1900010 [0228.031] GetCurrentObject (hdc=0x5201021e, type=0x7) returned 0xa05082d [0228.031] GetCurrentObject (hdc=0x5201021e, type=0x6) returned 0x18a002e [0228.031] SaveDC (hdc=0x5201021e) returned 2 [0228.031] GetNearestColor (hdc=0x5201021e, color=0x0) returned 0x0 [0228.031] CreateSolidBrush (color=0x0) returned 0x5c10081f [0228.031] FillRect (hDC=0x5201021e, lprc=0x29cac8, hbr=0x5c10081f) returned 1 [0228.031] DeleteObject (ho=0x5c10081f) returned 1 [0228.031] RestoreDC (hdc=0x5201021e, nSavedDC=-1) returned 1 [0228.031] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0228.031] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0228.031] GetSystemMetrics (nIndex=42) returned 0 [0228.031] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0228.031] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0228.031] RestoreDC (hdc=0x5201021e, nSavedDC=-1) returned 1 [0228.031] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x5201021e) returned 0x0 [0228.031] IsAppThemed () returned 0x1 [0228.031] GetThemeAppProperties () returned 0x3 [0228.031] GetThemeAppProperties () returned 0x3 [0228.032] IsAppThemed () returned 0x1 [0228.032] GetThemeAppProperties () returned 0x3 [0228.032] GetThemeAppProperties () returned 0x3 [0228.032] IsThemePartDefined () returned 0x1 [0228.032] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0228.032] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0228.032] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0228.032] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0228.032] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0228.032] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0228.032] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0228.032] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0228.032] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0228.032] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0228.032] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0228.032] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0228.032] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d590) returned 0x0 [0228.032] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d550) returned 0x0 [0228.032] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d550) returned 0x0 [0228.032] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0228.032] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d598) returned 0x0 [0228.032] GetCurrentObject (hdc=0x5201021e, type=0x1) returned 0x1b00017 [0228.032] GetCurrentObject (hdc=0x5201021e, type=0x2) returned 0x1900010 [0228.032] GetCurrentObject (hdc=0x5201021e, type=0x7) returned 0xa05082d [0228.032] GetCurrentObject (hdc=0x5201021e, type=0x6) returned 0x18a002e [0228.032] SaveDC (hdc=0x5201021e) returned 1 [0228.032] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffce040228 [0228.032] GetClipRgn (hdc=0x5201021e, hrgn=0xffffffffce040228) returned 0 [0228.033] SelectClipRgn (hdc=0x5201021e, hrgn=0x7f040812) returned 2 [0228.033] DeleteObject (ho=0xffffffffce040228) returned 1 [0228.033] DeleteObject (ho=0x7f040812) returned 1 [0228.033] OffsetViewportOrgEx (in: hdc=0x5201021e, x=0, y=0, lppt=0x22c55f0 | out: lppt=0x22c55f0) returned 1 [0228.033] IsAppThemed () returned 0x1 [0228.033] GetThemeAppProperties () returned 0x3 [0228.033] GetThemeAppProperties () returned 0x3 [0228.033] DrawThemeBackground () returned 0x0 [0228.033] RestoreDC (hdc=0x5201021e, nSavedDC=-1) returned 1 [0228.033] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x5201021e) returned 0x0 [0228.033] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0228.033] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0228.033] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0228.033] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0228.033] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0228.033] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0228.033] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0228.033] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0228.033] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0228.033] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0228.033] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0228.033] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0228.033] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d580) returned 0x0 [0228.033] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29d540) returned 0x0 [0228.033] GdipGetRegionHRgn (region=0x1c34ac70, graphics=0x1bcbdb80, hRgn=0x29d540) returned 0x0 [0228.033] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0228.033] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d588) returned 0x0 [0228.034] GetCurrentObject (hdc=0x5201021e, type=0x1) returned 0x1b00017 [0228.034] GetCurrentObject (hdc=0x5201021e, type=0x2) returned 0x1900010 [0228.034] GetCurrentObject (hdc=0x5201021e, type=0x7) returned 0xa05082d [0228.034] GetCurrentObject (hdc=0x5201021e, type=0x6) returned 0x18a002e [0228.034] SaveDC (hdc=0x5201021e) returned 1 [0228.034] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff80040812 [0228.034] GetClipRgn (hdc=0x5201021e, hrgn=0xffffffff80040812) returned 0 [0228.034] SelectClipRgn (hdc=0x5201021e, hrgn=0xffffffffcf040228) returned 2 [0228.034] DeleteObject (ho=0xffffffff80040812) returned 1 [0228.034] DeleteObject (ho=0xffffffffcf040228) returned 1 [0228.034] OffsetViewportOrgEx (in: hdc=0x5201021e, x=0, y=0, lppt=0x22c5ac8 | out: lppt=0x22c5ac8) returned 1 [0228.034] IsAppThemed () returned 0x1 [0228.034] GetThemeAppProperties () returned 0x3 [0228.034] GetThemeAppProperties () returned 0x3 [0228.034] GetThemeBackgroundContentRect () returned 0x0 [0228.034] RestoreDC (hdc=0x5201021e, nSavedDC=-1) returned 1 [0228.034] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x5201021e) returned 0x0 [0228.034] IsAppThemed () returned 0x1 [0228.034] GetThemeAppProperties () returned 0x3 [0228.034] GetThemeAppProperties () returned 0x3 [0228.034] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29d768) returned 0x0 [0228.034] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29d748) returned 0x0 [0228.034] GetCurrentObject (hdc=0x5201021e, type=0x1) returned 0x1b00017 [0228.034] GetCurrentObject (hdc=0x5201021e, type=0x2) returned 0x1900010 [0228.034] GetCurrentObject (hdc=0x5201021e, type=0x7) returned 0xa05082d [0228.034] GetCurrentObject (hdc=0x5201021e, type=0x6) returned 0x18a002e [0228.034] SaveDC (hdc=0x5201021e) returned 1 [0228.035] GetTextAlign (hdc=0x5201021e) returned 0x0 [0228.035] GetTextColor (hdc=0x5201021e) returned 0x0 [0228.035] SetTextColor (hdc=0x5201021e, color=0x8b) returned 0x0 [0228.035] GetCurrentObject (hdc=0x5201021e, type=0x6) returned 0x18a002e [0228.035] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0228.035] SelectObject (hdc=0x5201021e, h=0x90a0819) returned 0x18a002e [0228.035] GetBkMode (hdc=0x5201021e) returned 2 [0228.035] SetBkMode (hdc=0x5201021e, mode=1) returned 2 [0228.035] DrawTextExW (in: hdc=0x5201021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22c6150 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0228.035] DrawTextExW (in: hdc=0x5201021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22c6150 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0228.035] RestoreDC (hdc=0x5201021e, nSavedDC=-1) returned 1 [0228.035] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x5201021e) returned 0x0 [0228.035] GetFocus () returned 0x201ba [0228.035] IsAppThemed () returned 0x1 [0228.035] GetThemeAppProperties () returned 0x3 [0228.035] GetThemeAppProperties () returned 0x3 [0228.035] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29da58) returned 0x0 [0228.035] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x5201021e, x1=0, y1=0, rop=0xcc0020) returned 1 [0228.035] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x5201021e) returned 0x0 [0228.035] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0228.035] SelectObject (hdc=0x5201021e, h=0x185000f) returned 0xa05082d [0228.036] DeleteDC (hdc=0x5201021e) returned 1 [0228.036] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0228.036] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0228.036] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22c62b8, cPoints=0x1 | out: lpPoints=0x22c62b8) returned 22938228 [0228.036] WindowFromPoint (Point=0x173000002e6) returned 0x201ba [0228.036] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e6) returned 0x1 [0228.036] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0228.036] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0228.036] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0228.036] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0228.036] GetSystemMetrics (nIndex=42) returned 0 [0228.036] CoTaskMemAlloc (cb=0x2b6) returned 0x1a978aa0 [0228.036] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a978aa0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0228.036] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a978aa0) returned 0x158 [0228.036] CoTaskMemFree (pv=0x1a978aa0) [0228.037] OleSetClipboard (pDataObj=0x2dec28) returned 0x0 [0228.038] OleFlushClipboard () returned 0x0 [0228.038] GlobalReAlloc (hMem=0x1bee00c8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00c8 [0228.038] GlobalLock (hMem=0x1bee00c8) returned 0x1a99d6a0 [0228.038] RtlMoveMemory (in: Destination=0x1a99d6a0, Source=0x22c71a0, Length=0x2b0 | out: Destination=0x1a99d6a0) [0228.038] GlobalUnlock (hMem=0x1bee00c8) returned 0 [0228.038] GetCapture () returned 0x201ba [0228.038] ReleaseCapture () returned 1 [0228.039] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0228.039] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0228.039] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e6) returned 0x1 [0228.039] IsWindowUnicode (hWnd=0x201ba) returned 1 [0228.039] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0228.039] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e6) returned 0x1 [0228.039] SetCursor (hCursor=0x10003) returned 0x10003 [0228.039] TranslateMessage (lpMsg=0x29ea50) returned 0 [0228.039] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0228.039] GetKeyState (nVirtKey=1) returned 1 [0228.039] GetKeyState (nVirtKey=2) returned 0 [0228.039] GetKeyState (nVirtKey=4) returned 0 [0228.039] GetKeyState (nVirtKey=5) returned 0 [0228.039] GetKeyState (nVirtKey=6) returned 0 [0228.039] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0228.039] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0228.039] WaitMessage () returned 1 [0231.004] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0231.004] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0231.004] IsWindowUnicode (hWnd=0x201ba) returned 1 [0231.004] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0231.004] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0231.004] SetCursor (hCursor=0x10003) returned 0x10003 [0231.005] TranslateMessage (lpMsg=0x29ea50) returned 0 [0231.005] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0231.005] GetKeyState (nVirtKey=1) returned 1 [0231.005] GetKeyState (nVirtKey=2) returned 0 [0231.005] GetKeyState (nVirtKey=4) returned 0 [0231.005] GetKeyState (nVirtKey=5) returned 0 [0231.005] GetKeyState (nVirtKey=6) returned 0 [0231.005] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0231.005] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0231.005] WaitMessage () returned 1 [0231.065] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0231.065] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0231.065] IsWindowUnicode (hWnd=0x201ba) returned 1 [0231.065] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0231.065] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0231.065] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0231.065] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xbf015c) returned 0x0 [0231.065] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0231.065] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0231.065] SetCursor (hCursor=0x10003) returned 0x10003 [0231.067] TranslateMessage (lpMsg=0x29ea50) returned 0 [0231.067] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0231.067] GetKeyState (nVirtKey=1) returned -128 [0231.067] GetKeyState (nVirtKey=2) returned 0 [0231.067] GetKeyState (nVirtKey=4) returned 0 [0231.067] GetKeyState (nVirtKey=5) returned 0 [0231.067] GetKeyState (nVirtKey=6) returned 0 [0231.067] IsWindowVisible (hWnd=0x201ba) returned 1 [0231.067] IsWindowEnabled (hWnd=0x201ba) returned 1 [0231.067] SetFocus (hWnd=0x201ba) returned 0x201ba [0231.067] GetFocus () returned 0x201ba [0231.067] GetFocus () returned 0x201ba [0231.067] GetFocus () returned 0x201ba [0231.067] GetKeyState (nVirtKey=1) returned -128 [0231.067] GetKeyState (nVirtKey=2) returned 0 [0231.067] GetKeyState (nVirtKey=4) returned 0 [0231.067] GetKeyState (nVirtKey=5) returned 0 [0231.067] GetKeyState (nVirtKey=6) returned 0 [0231.067] GetCapture () returned 0x0 [0231.067] SetCapture (hWnd=0x201ba) returned 0x0 [0231.067] GetKeyState (nVirtKey=1) returned -128 [0231.068] GetKeyState (nVirtKey=2) returned 0 [0231.068] GetKeyState (nVirtKey=4) returned 0 [0231.068] GetKeyState (nVirtKey=5) returned 0 [0231.068] GetKeyState (nVirtKey=6) returned 0 [0231.068] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0231.068] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0231.068] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0231.068] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0231.068] TranslateMessage (lpMsg=0x29ea50) returned 0 [0231.068] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0231.068] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0231.068] IsWindowUnicode (hWnd=0x201ba) returned 1 [0231.068] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0231.068] TranslateMessage (lpMsg=0x29ea50) returned 0 [0231.068] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0231.068] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22c7580, cPoints=0x1 | out: lpPoints=0x22c7580) returned 22938228 [0231.068] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0231.068] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0231.068] UpdateWindow (hWnd=0x201ba) returned 1 [0231.068] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x501080c [0231.068] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0231.068] CreateCompatibleDC (hdc=0x501080c) returned 0x5301021e [0231.068] SelectObject (hdc=0x5301021e, h=0xa05082d) returned 0x185000f [0231.068] GdipCreateFromHDC (hdc=0x5301021e, graphics=0x29da18) returned 0x0 [0231.068] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0231.069] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0231.069] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0231.069] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0231.069] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0231.069] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0231.069] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0231.069] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0231.069] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0231.069] GdipCreateRegion (region=0x29da40) returned 0x0 [0231.069] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0231.069] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0231.069] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0231.069] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd7e0dbd) returned 0x0 [0231.069] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0231.069] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0231.069] GetCurrentObject (hdc=0x5301021e, type=0x1) returned 0x1b00017 [0231.069] GetCurrentObject (hdc=0x5301021e, type=0x2) returned 0x1900010 [0231.069] GetCurrentObject (hdc=0x5301021e, type=0x7) returned 0xa05082d [0231.069] GetCurrentObject (hdc=0x5301021e, type=0x6) returned 0x18a002e [0231.069] SaveDC (hdc=0x5301021e) returned 1 [0231.070] GetNearestColor (hdc=0x5301021e, color=0x0) returned 0x0 [0231.070] GetNearestColor (hdc=0x5301021e, color=0x0) returned 0x0 [0231.070] GetNearestColor (hdc=0x5301021e, color=0x0) returned 0x0 [0231.070] GetNearestColor (hdc=0x5301021e, color=0x989898) returned 0x989898 [0231.070] GetNearestColor (hdc=0x5301021e, color=0x8b) returned 0x8b [0231.070] GetNearestColor (hdc=0x5301021e, color=0x7f7f7f) returned 0x7f7f7f [0231.070] GetNearestColor (hdc=0x5301021e, color=0x989898) returned 0x989898 [0231.070] GetNearestColor (hdc=0x5301021e, color=0x0) returned 0x0 [0231.070] GetNearestColor (hdc=0x5301021e, color=0x8b) returned 0x8b [0231.070] RestoreDC (hdc=0x5301021e, nSavedDC=-1) returned 1 [0231.070] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x5301021e) returned 0x0 [0231.070] IsAppThemed () returned 0x1 [0231.070] GetThemeAppProperties () returned 0x3 [0231.070] GetThemeAppProperties () returned 0x3 [0231.070] IsAppThemed () returned 0x1 [0231.070] GetThemeAppProperties () returned 0x3 [0231.070] GetThemeAppProperties () returned 0x3 [0231.070] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x22c8158 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0231.071] IsAppThemed () returned 0x1 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] IsAppThemed () returned 0x1 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] IsAppThemed () returned 0x1 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] IsAppThemed () returned 0x1 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] IsThemePartDefined () returned 0x1 [0231.071] IsAppThemed () returned 0x1 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0231.071] IsAppThemed () returned 0x1 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] IsAppThemed () returned 0x1 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] GetThemeAppProperties () returned 0x3 [0231.071] IsThemePartDefined () returned 0x1 [0231.071] GdipCreateRegion (region=0x29d520) returned 0x0 [0231.071] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0231.071] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0231.071] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0231.071] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0231.071] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0231.071] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0231.071] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0231.072] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0231.072] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0231.072] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0231.072] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0231.072] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0231.072] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0231.072] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0231.072] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0231.072] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0231.072] GetCurrentObject (hdc=0x5301021e, type=0x1) returned 0x1b00017 [0231.072] GetCurrentObject (hdc=0x5301021e, type=0x2) returned 0x1900010 [0231.072] GetCurrentObject (hdc=0x5301021e, type=0x7) returned 0xa05082d [0231.072] GetCurrentObject (hdc=0x5301021e, type=0x6) returned 0x18a002e [0231.072] SaveDC (hdc=0x5301021e) returned 1 [0231.072] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffd0040228 [0231.072] GetClipRgn (hdc=0x5301021e, hrgn=0xffffffffd0040228) returned 0 [0231.072] SelectClipRgn (hdc=0x5301021e, hrgn=0xffffffff84040812) returned 2 [0231.072] DeleteObject (ho=0xffffffffd0040228) returned 1 [0231.072] DeleteObject (ho=0xffffffff84040812) returned 1 [0231.072] OffsetViewportOrgEx (in: hdc=0x5301021e, x=0, y=0, lppt=0x22c8b40 | out: lppt=0x22c8b40) returned 1 [0231.073] DrawThemeParentBackground () returned 0x0 [0231.073] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0231.073] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0231.073] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0231.073] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0231.073] GetSystemMetrics (nIndex=42) returned 0 [0231.073] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0231.073] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0231.073] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0231.073] GetCurrentObject (hdc=0x5301021e, type=0x1) returned 0x1b00017 [0231.073] GetCurrentObject (hdc=0x5301021e, type=0x2) returned 0x1900010 [0231.073] GetCurrentObject (hdc=0x5301021e, type=0x7) returned 0xa05082d [0231.073] GetCurrentObject (hdc=0x5301021e, type=0x6) returned 0x18a002e [0231.073] SaveDC (hdc=0x5301021e) returned 2 [0231.073] GetNearestColor (hdc=0x5301021e, color=0x0) returned 0x0 [0231.073] CreateSolidBrush (color=0x0) returned 0x5d10081f [0231.073] FillRect (hDC=0x5301021e, lprc=0x29cb98, hbr=0x5d10081f) returned 1 [0231.073] DeleteObject (ho=0x5d10081f) returned 1 [0231.073] RestoreDC (hdc=0x5301021e, nSavedDC=-1) returned 1 [0231.074] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0231.074] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0231.074] GetSystemMetrics (nIndex=42) returned 0 [0231.074] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0231.074] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0231.074] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0231.074] GetCurrentObject (hdc=0x5301021e, type=0x1) returned 0x1b00017 [0231.074] GetCurrentObject (hdc=0x5301021e, type=0x2) returned 0x1900010 [0231.074] GetCurrentObject (hdc=0x5301021e, type=0x7) returned 0xa05082d [0231.074] GetCurrentObject (hdc=0x5301021e, type=0x6) returned 0x18a002e [0231.074] SaveDC (hdc=0x5301021e) returned 2 [0231.074] GetNearestColor (hdc=0x5301021e, color=0x0) returned 0x0 [0231.074] CreateSolidBrush (color=0x0) returned 0x5e10081f [0231.074] FillRect (hDC=0x5301021e, lprc=0x29cac8, hbr=0x5e10081f) returned 1 [0231.074] DeleteObject (ho=0x5e10081f) returned 1 [0231.074] RestoreDC (hdc=0x5301021e, nSavedDC=-1) returned 1 [0231.074] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0231.074] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0231.074] GetSystemMetrics (nIndex=42) returned 0 [0231.075] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0231.075] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0231.075] RestoreDC (hdc=0x5301021e, nSavedDC=-1) returned 1 [0231.075] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x5301021e) returned 0x0 [0231.075] IsAppThemed () returned 0x1 [0231.075] GetThemeAppProperties () returned 0x3 [0231.075] GetThemeAppProperties () returned 0x3 [0231.075] IsAppThemed () returned 0x1 [0231.075] GetThemeAppProperties () returned 0x3 [0231.075] GetThemeAppProperties () returned 0x3 [0231.075] IsThemePartDefined () returned 0x1 [0231.075] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0231.076] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0231.076] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0231.076] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0231.076] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0231.076] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0231.076] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0231.076] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0231.076] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0231.076] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0231.076] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0231.076] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0231.076] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0231.076] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0231.076] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0231.076] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0231.076] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0231.076] GetCurrentObject (hdc=0x5301021e, type=0x1) returned 0x1b00017 [0231.076] GetCurrentObject (hdc=0x5301021e, type=0x2) returned 0x1900010 [0231.076] GetCurrentObject (hdc=0x5301021e, type=0x7) returned 0xa05082d [0231.076] GetCurrentObject (hdc=0x5301021e, type=0x6) returned 0x18a002e [0231.076] SaveDC (hdc=0x5301021e) returned 1 [0231.077] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff85040812 [0231.077] GetClipRgn (hdc=0x5301021e, hrgn=0xffffffff85040812) returned 0 [0231.077] SelectClipRgn (hdc=0x5301021e, hrgn=0xffffffffd2040228) returned 2 [0231.077] DeleteObject (ho=0xffffffff85040812) returned 1 [0231.077] DeleteObject (ho=0xffffffffd2040228) returned 1 [0231.077] OffsetViewportOrgEx (in: hdc=0x5301021e, x=0, y=0, lppt=0x22c9c48 | out: lppt=0x22c9c48) returned 1 [0231.077] IsAppThemed () returned 0x1 [0231.077] GetThemeAppProperties () returned 0x3 [0231.077] GetThemeAppProperties () returned 0x3 [0231.077] DrawThemeBackground () returned 0x0 [0231.077] RestoreDC (hdc=0x5301021e, nSavedDC=-1) returned 1 [0231.077] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x5301021e) returned 0x0 [0231.077] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0231.077] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0231.077] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0231.077] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0231.077] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0231.077] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0231.077] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0231.077] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0231.077] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0231.077] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0231.078] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0231.078] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0231.078] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0231.078] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0231.078] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0231.078] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0231.078] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0231.078] GetCurrentObject (hdc=0x5301021e, type=0x1) returned 0x1b00017 [0231.078] GetCurrentObject (hdc=0x5301021e, type=0x2) returned 0x1900010 [0231.078] GetCurrentObject (hdc=0x5301021e, type=0x7) returned 0xa05082d [0231.078] GetCurrentObject (hdc=0x5301021e, type=0x6) returned 0x18a002e [0231.078] SaveDC (hdc=0x5301021e) returned 1 [0231.078] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffd3040228 [0231.078] GetClipRgn (hdc=0x5301021e, hrgn=0xffffffffd3040228) returned 0 [0231.078] SelectClipRgn (hdc=0x5301021e, hrgn=0xffffffff86040812) returned 2 [0231.078] DeleteObject (ho=0xffffffffd3040228) returned 1 [0231.078] DeleteObject (ho=0xffffffff86040812) returned 1 [0231.078] OffsetViewportOrgEx (in: hdc=0x5301021e, x=0, y=0, lppt=0x22ca120 | out: lppt=0x22ca120) returned 1 [0231.078] IsAppThemed () returned 0x1 [0231.078] GetThemeAppProperties () returned 0x3 [0231.078] GetThemeAppProperties () returned 0x3 [0231.079] GetThemeBackgroundContentRect () returned 0x0 [0231.079] RestoreDC (hdc=0x5301021e, nSavedDC=-1) returned 1 [0231.079] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x5301021e) returned 0x0 [0231.079] IsAppThemed () returned 0x1 [0231.079] GetThemeAppProperties () returned 0x3 [0231.079] GetThemeAppProperties () returned 0x3 [0231.079] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0231.079] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0231.079] GetCurrentObject (hdc=0x5301021e, type=0x1) returned 0x1b00017 [0231.079] GetCurrentObject (hdc=0x5301021e, type=0x2) returned 0x1900010 [0231.079] GetCurrentObject (hdc=0x5301021e, type=0x7) returned 0xa05082d [0231.079] GetCurrentObject (hdc=0x5301021e, type=0x6) returned 0x18a002e [0231.079] SaveDC (hdc=0x5301021e) returned 1 [0231.079] GetTextAlign (hdc=0x5301021e) returned 0x0 [0231.079] GetTextColor (hdc=0x5301021e) returned 0x0 [0231.079] SetTextColor (hdc=0x5301021e, color=0x8b) returned 0x0 [0231.079] GetCurrentObject (hdc=0x5301021e, type=0x6) returned 0x18a002e [0231.079] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0231.079] SelectObject (hdc=0x5301021e, h=0x90a0819) returned 0x18a002e [0231.079] GetBkMode (hdc=0x5301021e) returned 2 [0231.079] SetBkMode (hdc=0x5301021e, mode=1) returned 2 [0231.080] DrawTextExW (in: hdc=0x5301021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22ca7a8 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0231.080] DrawTextExW (in: hdc=0x5301021e, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22ca7a8 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0231.080] RestoreDC (hdc=0x5301021e, nSavedDC=-1) returned 1 [0231.080] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x5301021e) returned 0x0 [0231.080] GetFocus () returned 0x201ba [0231.080] IsAppThemed () returned 0x1 [0231.080] GetThemeAppProperties () returned 0x3 [0231.080] GetThemeAppProperties () returned 0x3 [0231.080] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0231.080] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x5301021e, x1=0, y1=0, rop=0xcc0020) returned 1 [0231.080] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x5301021e) returned 0x0 [0231.080] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0231.080] SelectObject (hdc=0x5301021e, h=0x185000f) returned 0xa05082d [0231.080] DeleteDC (hdc=0x5301021e) returned 1 [0231.080] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0231.081] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0231.081] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22ca910, cPoints=0x1 | out: lpPoints=0x22ca910) returned 22938228 [0231.081] WindowFromPoint (Point=0x16c000002c0) returned 0x201ba [0231.081] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0231.081] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0231.081] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0231.081] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0231.081] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0231.081] GetSystemMetrics (nIndex=42) returned 0 [0231.081] CoTaskMemAlloc (cb=0x2b6) returned 0x1a978aa0 [0231.081] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a978aa0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0231.081] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a978aa0) returned 0x158 [0231.081] CoTaskMemFree (pv=0x1a978aa0) [0231.082] OleSetClipboard (pDataObj=0x2deb28) returned 0x0 [0231.083] OleFlushClipboard () returned 0x0 [0231.083] GlobalReAlloc (hMem=0x1bee00d8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00d8 [0231.083] GlobalLock (hMem=0x1bee00d8) returned 0x1a99d6a0 [0231.083] RtlMoveMemory (in: Destination=0x1a99d6a0, Source=0x22cb7f8, Length=0x2b0 | out: Destination=0x1a99d6a0) [0231.083] GlobalUnlock (hMem=0x1bee00d8) returned 0 [0231.084] GetCapture () returned 0x201ba [0231.084] ReleaseCapture () returned 1 [0231.084] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0231.084] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0231.084] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0231.084] IsWindowUnicode (hWnd=0x201ba) returned 1 [0231.084] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0231.085] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0231.085] SetCursor (hCursor=0x10003) returned 0x10003 [0231.085] TranslateMessage (lpMsg=0x29ea50) returned 0 [0231.085] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0231.085] GetKeyState (nVirtKey=1) returned 0 [0231.085] GetKeyState (nVirtKey=2) returned 0 [0231.085] GetKeyState (nVirtKey=4) returned 0 [0231.085] GetKeyState (nVirtKey=5) returned 0 [0231.085] GetKeyState (nVirtKey=6) returned 0 [0231.085] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0231.085] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0231.085] WaitMessage () returned 1 [0233.001] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.001] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.001] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.002] GetKeyState (nVirtKey=16) returned 0 [0233.002] GetKeyState (nVirtKey=17) returned 0 [0233.002] GetKeyState (nVirtKey=18) returned 0 [0233.003] GetKeyState (nVirtKey=16) returned 0 [0233.003] GetKeyState (nVirtKey=17) returned 0 [0233.003] GetKeyState (nVirtKey=18) returned 0 [0233.017] SendMessageW (hWnd=0x201ba, Msg=0x87, wParam=0x0, lParam=0x0) returned 0x2000 [0233.017] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x87, wParam=0x0, lParam=0x0) returned 0x2000 [0233.023] SendMessageW (hWnd=0x201ba, Msg=0x87, wParam=0x0, lParam=0x0) returned 0x2000 [0233.023] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x87, wParam=0x0, lParam=0x0) returned 0x2000 [0233.023] TranslateMessage (lpMsg=0x29ea50) returned 1 [0233.023] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.024] GetKeyState (nVirtKey=16) returned 0 [0233.024] GetKeyState (nVirtKey=17) returned 0 [0233.024] GetKeyState (nVirtKey=18) returned 0 [0233.024] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x100, wParam=0x5b, lParam=0x15b0001) returned 0x0 [0233.024] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.024] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x88, wParam=0x4, lParam=0x0) returned 0x0 [0233.024] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.024] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0233.024] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0233.024] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0233.025] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29db98 | out: lpwndpl=0x29db98) returned 1 [0233.025] GetClientRect (in: hWnd=0x501ac, lpRect=0x29dab0 | out: lpRect=0x29dab0) returned 1 [0233.025] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0233.025] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0233.025] GetSystemMetrics (nIndex=42) returned 0 [0233.025] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29d7d0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0233.025] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29d7d0) returned 0x27 [0233.026] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d898 | out: lpRect=0x29d898) returned 1 [0233.026] GetCurrentObject (hdc=0xa010808, type=0x1) returned 0x1b00017 [0233.026] GetCurrentObject (hdc=0xa010808, type=0x2) returned 0x1900010 [0233.026] GetCurrentObject (hdc=0xa010808, type=0x7) returned 0x1050032 [0233.026] GetCurrentObject (hdc=0xa010808, type=0x6) returned 0x18a002e [0233.026] SaveDC (hdc=0xa010808) returned 1 [0233.026] GetNearestColor (hdc=0xa010808, color=0x0) returned 0x0 [0233.026] CreateSolidBrush (color=0x0) returned 0x5f10081f [0233.026] FillRect (hDC=0xa010808, lprc=0x29d588, hbr=0x5f10081f) returned 1 [0233.026] DeleteObject (ho=0x5f10081f) returned 1 [0233.026] RestoreDC (hdc=0xa010808, nSavedDC=-1) returned 1 [0233.026] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.026] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.027] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.027] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x14, wParam=0xa010808, lParam=0x0) returned 0x1 [0233.027] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.027] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.028] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.028] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.028] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x14, wParam=0xa010808, lParam=0x0) returned 0x1 [0233.028] GetStockObject (i=5) returned 0x1900015 [0233.028] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.028] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x14, wParam=0xa010808, lParam=0x0) returned 0x1 [0233.029] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.029] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0233.029] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0233.029] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0233.029] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0233.030] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x1c, wParam=0x0, lParam=0x45c) returned 0x0 [0233.030] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x1c, wParam=0x0, lParam=0x45c) returned 0x0 [0233.030] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x1c, wParam=0x0, lParam=0x45c) returned 0x0 [0233.030] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x8, wParam=0x0, lParam=0x0) returned 0x0 [0233.030] GetCapture () returned 0x0 [0233.030] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0233.030] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0 [0233.030] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0233.030] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x282, wParam=0x1, lParam=0x0) returned 0x0 [0233.030] IsWindowUnicode (hWnd=0x501ac) returned 1 [0233.030] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.030] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.030] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.030] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x2a3, wParam=0x0, lParam=0x0) returned 0x0 [0233.030] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0233.030] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.031] IsWindowUnicode (hWnd=0x501ac) returned 1 [0233.031] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.031] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.031] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.031] BeginPaint (in: hWnd=0x501ac, lpPaint=0x29e188 | out: lpPaint=0x29e188) returned 0x501080c [0233.031] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0233.031] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0233.031] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0233.031] GetSystemMetrics (nIndex=42) returned 0 [0233.031] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29dfe0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0233.031] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29dfe0) returned 0x27 [0233.031] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0233.031] EndPaint (hWnd=0x501ac, lpPaint=0x29e128) returned 1 [0233.031] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.031] IsWindowUnicode (hWnd=0x301b2) returned 1 [0233.031] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.031] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.031] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.031] BeginPaint (in: hWnd=0x301b2, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0xa010808 [0233.032] EndPaint (hWnd=0x301b2, lpPaint=0x29e0e8) returned 1 [0233.032] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.032] IsWindowUnicode (hWnd=0x301ae) returned 1 [0233.032] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.032] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.032] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.032] BeginPaint (in: hWnd=0x301ae, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0x501080c [0233.032] EndPaint (hWnd=0x301ae, lpPaint=0x29e0e8) returned 1 [0233.032] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.032] IsWindowUnicode (hWnd=0x301b4) returned 1 [0233.032] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.032] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.032] DispatchMessageW (lpMsg=0x29ea50) returned 0x1 [0233.032] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0233.033] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.033] IsWindowUnicode (hWnd=0x201b8) returned 1 [0233.033] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.033] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.033] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.033] BeginPaint (in: hWnd=0x201b8, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0x501080c [0233.033] EndPaint (hWnd=0x201b8, lpPaint=0x29e0e8) returned 1 [0233.033] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.033] IsWindowUnicode (hWnd=0x201e8) returned 1 [0233.033] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.033] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.033] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.033] BeginPaint (in: hWnd=0x201e8, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0xa010808 [0233.033] EndPaint (hWnd=0x201e8, lpPaint=0x29e0e8) returned 1 [0233.033] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.033] IsWindowUnicode (hWnd=0x201e6) returned 1 [0233.033] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.033] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.033] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.033] BeginPaint (in: hWnd=0x201e6, lpPaint=0x29e1c8 | out: lpPaint=0x29e1c8) returned 0x501080c [0233.033] EndPaint (hWnd=0x201e6, lpPaint=0x29e168) returned 1 [0233.033] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.033] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.033] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.033] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.033] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.034] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29e118 | out: lpPaint=0x29e118) returned 0xa010808 [0233.034] EndPaint (hWnd=0x201ba, lpPaint=0x29e0b8) returned 1 [0233.034] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.034] IsWindowUnicode (hWnd=0x201bc) returned 1 [0233.034] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.034] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.034] DispatchMessageW (lpMsg=0x29ea50) returned 0x1 [0233.034] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0233.034] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.034] IsWindowUnicode (hWnd=0x401da) returned 1 [0233.034] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.034] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.034] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.034] BeginPaint (in: hWnd=0x401da, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0xa010808 [0233.034] EndPaint (hWnd=0x401da, lpPaint=0x29e0e8) returned 1 [0233.034] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.034] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.034] WaitMessage () returned 1 [0233.125] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.125] IsWindowUnicode (hWnd=0x201e2) returned 1 [0233.126] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.126] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.126] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.126] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.126] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.126] WaitMessage () returned 1 [0233.328] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.328] IsWindowUnicode (hWnd=0x201e4) returned 1 [0233.328] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.328] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.328] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.328] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.328] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.328] WaitMessage () returned 1 [0233.633] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.633] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x88, wParam=0x4, lParam=0x0) returned 0x0 [0233.633] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.633] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0233.634] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0233.634] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0233.634] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29db98 | out: lpwndpl=0x29db98) returned 1 [0233.634] GetClientRect (in: hWnd=0x501ac, lpRect=0x29dab0 | out: lpRect=0x29dab0) returned 1 [0233.634] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0233.634] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0233.634] GetSystemMetrics (nIndex=42) returned 0 [0233.634] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29d7d0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0233.634] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29d7d0) returned 0x27 [0233.634] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d898 | out: lpRect=0x29d898) returned 1 [0233.634] GetCurrentObject (hdc=0xa010808, type=0x1) returned 0x1b00017 [0233.635] GetCurrentObject (hdc=0xa010808, type=0x2) returned 0x1900010 [0233.635] GetCurrentObject (hdc=0xa010808, type=0x7) returned 0x1050032 [0233.635] GetCurrentObject (hdc=0xa010808, type=0x6) returned 0x18a002e [0233.635] SaveDC (hdc=0xa010808) returned 1 [0233.635] GetNearestColor (hdc=0xa010808, color=0x0) returned 0x0 [0233.635] CreateSolidBrush (color=0x0) returned 0x6010081f [0233.635] FillRect (hDC=0xa010808, lprc=0x29d588, hbr=0x6010081f) returned 1 [0233.635] DeleteObject (ho=0x6010081f) returned 1 [0233.635] RestoreDC (hdc=0xa010808, nSavedDC=-1) returned 1 [0233.635] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.635] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.636] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.636] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x14, wParam=0xa010808, lParam=0x0) returned 0x1 [0233.636] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.636] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.636] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.637] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.637] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x14, wParam=0x501080c, lParam=0x0) returned 0x1 [0233.637] GetStockObject (i=5) returned 0x1900015 [0233.637] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.637] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x14, wParam=0x7010804, lParam=0x0) returned 0x1 [0233.637] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0233.637] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.638] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.638] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.638] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.638] SetCursor (hCursor=0x10003) returned 0x10003 [0233.638] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.638] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.638] _TrackMouseEvent (in: lpEventTrack=0x225e660 | out: lpEventTrack=0x225e660) returned 1 [0233.638] SendMessageW (hWnd=0x201ba, Msg=0xc135, wParam=0x0, lParam=0x0) returned 0x0 [0233.638] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0xc135, wParam=0x0, lParam=0x0) returned 0x0 [0233.638] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0233.638] GetKeyState (nVirtKey=1) returned 0 [0233.638] GetKeyState (nVirtKey=2) returned 0 [0233.638] GetKeyState (nVirtKey=4) returned 0 [0233.638] GetKeyState (nVirtKey=5) returned 0 [0233.638] GetKeyState (nVirtKey=6) returned 0 [0233.638] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.638] IsWindowUnicode (hWnd=0x501ac) returned 1 [0233.638] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.638] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.638] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.638] BeginPaint (in: hWnd=0x501ac, lpPaint=0x29e188 | out: lpPaint=0x29e188) returned 0x7010804 [0233.638] SelectPalette (hdc=0x7010804, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0233.638] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0233.638] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0233.638] GetSystemMetrics (nIndex=42) returned 0 [0233.638] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29dfe0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0233.638] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29dfe0) returned 0x27 [0233.638] SelectPalette (hdc=0x7010804, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0233.638] EndPaint (hWnd=0x501ac, lpPaint=0x29e128) returned 1 [0233.638] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.639] IsWindowUnicode (hWnd=0x301b2) returned 1 [0233.639] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.639] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.639] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.639] BeginPaint (in: hWnd=0x301b2, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0x501080c [0233.639] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0233.639] CreateCompatibleDC (hdc=0x501080c) returned 0x4d01025f [0233.639] SelectObject (hdc=0x4d01025f, h=0xa05082d) returned 0x185000f [0233.639] GdipCreateFromHDC (hdc=0x4d01025f, graphics=0x29e0c8) returned 0x0 [0233.639] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0233.639] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=103, height=16, combineMode=0x0) returned 0x0 [0233.639] GdipCreateMatrix (matrix=0x29e0f0) returned 0x0 [0233.639] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0233.639] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e158) returned 0x0 [0233.639] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.639] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0233.639] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.639] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0233.639] GdipCreateRegion (region=0x29e0f0) returned 0x0 [0233.639] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0233.639] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29e150) returned 0x0 [0233.639] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29e1f0) returned 0x0 [0233.639] GetWindowTextLengthW (hWnd=0x301b2) returned 13 [0233.639] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xd [0233.639] GetSystemMetrics (nIndex=42) returned 0 [0233.639] GetWindowTextW (in: hWnd=0x301b2, lpString=0x29dfe0, nMaxCount=14 | out: lpString="Personal Key:") returned 13 [0233.639] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0xd, wParam=0xe, lParam=0x29dfe0) returned 0xd [0233.640] GetClientRect (in: hWnd=0x301b2, lpRect=0x29e198 | out: lpRect=0x29e198) returned 1 [0233.640] GdipCreateRegion (region=0x29dd80) returned 0x0 [0233.640] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ad30) returned 0x0 [0233.640] GdipCreateMatrix (matrix=0x29dd80) returned 0x0 [0233.640] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0233.640] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dde8) returned 0x0 [0233.640] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.640] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.640] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.640] GdipCombineRegionRegion (region=0x1c34ad30, region2=0x1c34ac70, combineMode=0x1) returned 0x0 [0233.640] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.640] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.640] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.640] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0233.640] GdipIsInfiniteRegion (region=0x1c34ad30, graphics=0x1bcbdb80, result=0x29de50) returned 0x0 [0233.640] GdipIsInfiniteRegion (region=0x1c34ad30, graphics=0x1bcbdb80, result=0x29de10) returned 0x0 [0233.640] GdipGetRegionHRgn (region=0x1c34ad30, graphics=0x1bcbdb80, hRgn=0x29de10) returned 0x0 [0233.640] GdipDeleteRegion (region=0x1c34ad30) returned 0x0 [0233.640] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29de58) returned 0x0 [0233.640] GetCurrentObject (hdc=0x4d01025f, type=0x1) returned 0x1b00017 [0233.640] GetCurrentObject (hdc=0x4d01025f, type=0x2) returned 0x1900010 [0233.640] GetCurrentObject (hdc=0x4d01025f, type=0x7) returned 0xa05082d [0233.640] GetCurrentObject (hdc=0x4d01025f, type=0x6) returned 0x18a002e [0233.640] SaveDC (hdc=0x4d01025f) returned 1 [0233.640] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff87040812 [0233.640] GetClipRgn (hdc=0x4d01025f, hrgn=0xffffffff87040812) returned 0 [0233.640] SelectClipRgn (hdc=0x4d01025f, hrgn=0xffffffffdc040228) returned 2 [0233.640] DeleteObject (ho=0xffffffff87040812) returned 1 [0233.641] DeleteObject (ho=0xffffffffdc040228) returned 1 [0233.641] OffsetViewportOrgEx (in: hdc=0x4d01025f, x=0, y=0, lppt=0x22cd2e0 | out: lppt=0x22cd2e0) returned 1 [0233.641] GetNearestColor (hdc=0x4d01025f, color=0x0) returned 0x0 [0233.641] CreateSolidBrush (color=0x0) returned 0x6110081f [0233.641] FillRect (hDC=0x4d01025f, lprc=0x29de88, hbr=0x6110081f) returned 1 [0233.641] DeleteObject (ho=0x6110081f) returned 1 [0233.641] RestoreDC (hdc=0x4d01025f, nSavedDC=-1) returned 1 [0233.641] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4d01025f) returned 0x0 [0233.641] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd7c0dbd) returned 0x0 [0233.641] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0233.641] GetWindowTextLengthW (hWnd=0x301b2) returned 13 [0233.641] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xd [0233.641] GetSystemMetrics (nIndex=42) returned 0 [0233.641] GetWindowTextW (in: hWnd=0x301b2, lpString=0x29dfe0, nMaxCount=14 | out: lpString="Personal Key:") returned 13 [0233.641] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0xd, wParam=0xe, lParam=0x29dfe0) returned 0xd [0233.641] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29dfe8) returned 0x0 [0233.641] GetCurrentObject (hdc=0x4d01025f, type=0x1) returned 0x1b00017 [0233.641] GetCurrentObject (hdc=0x4d01025f, type=0x2) returned 0x1900010 [0233.641] GetCurrentObject (hdc=0x4d01025f, type=0x7) returned 0xa05082d [0233.641] GetCurrentObject (hdc=0x4d01025f, type=0x6) returned 0x18a002e [0233.641] SaveDC (hdc=0x4d01025f) returned 1 [0233.641] GetNearestColor (hdc=0x4d01025f, color=0xff00) returned 0xff00 [0233.641] RestoreDC (hdc=0x4d01025f, nSavedDC=-1) returned 1 [0233.641] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4d01025f) returned 0x0 [0233.642] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0233.642] AdjustWindowRectEx (in: lpRect=0x29de98, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de98) returned 1 [0233.642] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29def8) returned 0x0 [0233.642] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29ded8) returned 0x0 [0233.642] GetCurrentObject (hdc=0x4d01025f, type=0x1) returned 0x1b00017 [0233.642] GetCurrentObject (hdc=0x4d01025f, type=0x2) returned 0x1900010 [0233.642] GetCurrentObject (hdc=0x4d01025f, type=0x7) returned 0xa05082d [0233.642] GetCurrentObject (hdc=0x4d01025f, type=0x6) returned 0x18a002e [0233.642] SaveDC (hdc=0x4d01025f) returned 1 [0233.642] GetTextAlign (hdc=0x4d01025f) returned 0x0 [0233.642] GetTextColor (hdc=0x4d01025f) returned 0x0 [0233.642] SetTextColor (hdc=0x4d01025f, color=0xff00) returned 0x0 [0233.642] GetCurrentObject (hdc=0x4d01025f, type=0x6) returned 0x18a002e [0233.642] GetObjectW (in: h=0x18a002e, c=92, pv=0x29da10 | out: pv=0x29da10) returned 92 [0233.642] SelectObject (hdc=0x4d01025f, h=0x440a01d5) returned 0x18a002e [0233.642] GetBkMode (hdc=0x4d01025f) returned 2 [0233.642] SetBkMode (hdc=0x4d01025f, mode=1) returned 2 [0233.642] DrawTextExW (in: hdc=0x4d01025f, lpchText="Personal Key:", cchText=13, lprc=0x29de68, format=0x100000, lpdtp=0x22cdc00 | out: lpchText="Personal Key:", lprc=0x29de68) returned 16 [0233.643] RestoreDC (hdc=0x4d01025f, nSavedDC=-1) returned 1 [0233.643] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4d01025f) returned 0x0 [0233.643] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29e108) returned 0x0 [0233.643] BitBlt (hdc=0x501080c, x=0, y=0, cx=103, cy=16, hdcSrc=0x4d01025f, x1=0, y1=0, rop=0xcc0020) returned 1 [0233.643] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x4d01025f) returned 0x0 [0233.643] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0233.643] SelectObject (hdc=0x4d01025f, h=0x185000f) returned 0xa05082d [0233.643] DeleteDC (hdc=0x4d01025f) returned 1 [0233.643] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0233.643] EndPaint (hWnd=0x301b2, lpPaint=0x29e0e8) returned 1 [0233.643] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.643] IsWindowUnicode (hWnd=0x301ae) returned 1 [0233.643] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.643] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.643] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.643] BeginPaint (in: hWnd=0x301ae, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0xa010808 [0233.643] SelectPalette (hdc=0xa010808, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0233.643] CreateCompatibleDC (hdc=0xa010808) returned 0x4f01025f [0233.643] SelectObject (hdc=0x4f01025f, h=0xa05082d) returned 0x185000f [0233.643] GdipCreateFromHDC (hdc=0x4f01025f, graphics=0x29e0c8) returned 0x0 [0233.643] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0233.643] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=131, height=16, combineMode=0x0) returned 0x0 [0233.643] GdipCreateMatrix (matrix=0x29e0f0) returned 0x0 [0233.643] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0233.643] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e158) returned 0x0 [0233.644] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.644] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0233.644] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.644] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0233.644] GdipCreateRegion (region=0x29e0f0) returned 0x0 [0233.644] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0233.644] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29e150) returned 0x0 [0233.644] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29e1f0) returned 0x0 [0233.644] GetWindowTextLengthW (hWnd=0x301ae) returned 17 [0233.644] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x11 [0233.644] GetSystemMetrics (nIndex=42) returned 0 [0233.644] GetWindowTextW (in: hWnd=0x301ae, lpString=0x29dfd0, nMaxCount=18 | out: lpString="500$ or 0.084 BTC") returned 17 [0233.644] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0xd, wParam=0x12, lParam=0x29dfd0) returned 0x11 [0233.644] GetClientRect (in: hWnd=0x301ae, lpRect=0x29e198 | out: lpRect=0x29e198) returned 1 [0233.644] GdipCreateRegion (region=0x29dd80) returned 0x0 [0233.644] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdcd0) returned 0x0 [0233.644] GdipCreateMatrix (matrix=0x29dd80) returned 0x0 [0233.644] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0233.644] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dde8) returned 0x0 [0233.644] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.644] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.644] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.644] GdipCombineRegionRegion (region=0x1bcbdcd0, region2=0x1bcbdc10, combineMode=0x1) returned 0x0 [0233.644] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.644] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.644] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.644] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0233.644] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de50) returned 0x0 [0233.645] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de10) returned 0x0 [0233.645] GdipGetRegionHRgn (region=0x1bcbdcd0, graphics=0x1c34abe0, hRgn=0x29de10) returned 0x0 [0233.645] GdipDeleteRegion (region=0x1bcbdcd0) returned 0x0 [0233.645] GdipGetDC (graphics=0x1c34abe0, hdc=0x29de58) returned 0x0 [0233.645] GetCurrentObject (hdc=0x4f01025f, type=0x1) returned 0x1b00017 [0233.645] GetCurrentObject (hdc=0x4f01025f, type=0x2) returned 0x1900010 [0233.645] GetCurrentObject (hdc=0x4f01025f, type=0x7) returned 0xa05082d [0233.645] GetCurrentObject (hdc=0x4f01025f, type=0x6) returned 0x18a002e [0233.645] SaveDC (hdc=0x4f01025f) returned 1 [0233.645] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffdd040228 [0233.645] GetClipRgn (hdc=0x4f01025f, hrgn=0xffffffffdd040228) returned 0 [0233.645] SelectClipRgn (hdc=0x4f01025f, hrgn=0xffffffff89040812) returned 2 [0233.645] DeleteObject (ho=0xffffffffdd040228) returned 1 [0233.645] DeleteObject (ho=0xffffffff89040812) returned 1 [0233.645] OffsetViewportOrgEx (in: hdc=0x4f01025f, x=0, y=0, lppt=0x22ce260 | out: lppt=0x22ce260) returned 1 [0233.645] GetNearestColor (hdc=0x4f01025f, color=0x0) returned 0x0 [0233.645] CreateSolidBrush (color=0x0) returned 0x6210081f [0233.645] FillRect (hDC=0x4f01025f, lprc=0x29de88, hbr=0x6210081f) returned 1 [0233.645] DeleteObject (ho=0x6210081f) returned 1 [0233.645] RestoreDC (hdc=0x4f01025f, nSavedDC=-1) returned 1 [0233.645] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4f01025f) returned 0x0 [0233.645] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd7a0dbd) returned 0x0 [0233.645] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0233.645] GetWindowTextLengthW (hWnd=0x301ae) returned 17 [0233.645] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x11 [0233.645] GetSystemMetrics (nIndex=42) returned 0 [0233.646] GetWindowTextW (in: hWnd=0x301ae, lpString=0x29dfd0, nMaxCount=18 | out: lpString="500$ or 0.084 BTC") returned 17 [0233.646] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0xd, wParam=0x12, lParam=0x29dfd0) returned 0x11 [0233.646] GdipGetDC (graphics=0x1c34abe0, hdc=0x29dfe8) returned 0x0 [0233.646] GetCurrentObject (hdc=0x4f01025f, type=0x1) returned 0x1b00017 [0233.646] GetCurrentObject (hdc=0x4f01025f, type=0x2) returned 0x1900010 [0233.646] GetCurrentObject (hdc=0x4f01025f, type=0x7) returned 0xa05082d [0233.646] GetCurrentObject (hdc=0x4f01025f, type=0x6) returned 0x18a002e [0233.646] SaveDC (hdc=0x4f01025f) returned 1 [0233.646] GetNearestColor (hdc=0x4f01025f, color=0xffff) returned 0xffff [0233.646] RestoreDC (hdc=0x4f01025f, nSavedDC=-1) returned 1 [0233.646] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4f01025f) returned 0x0 [0233.646] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0233.646] AdjustWindowRectEx (in: lpRect=0x29de98, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de98) returned 1 [0233.646] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29def8) returned 0x0 [0233.646] GdipGetDC (graphics=0x1c34abe0, hdc=0x29ded8) returned 0x0 [0233.646] GetCurrentObject (hdc=0x4f01025f, type=0x1) returned 0x1b00017 [0233.646] GetCurrentObject (hdc=0x4f01025f, type=0x2) returned 0x1900010 [0233.646] GetCurrentObject (hdc=0x4f01025f, type=0x7) returned 0xa05082d [0233.646] GetCurrentObject (hdc=0x4f01025f, type=0x6) returned 0x18a002e [0233.646] SaveDC (hdc=0x4f01025f) returned 1 [0233.646] GetTextAlign (hdc=0x4f01025f) returned 0x0 [0233.646] GetTextColor (hdc=0x4f01025f) returned 0x0 [0233.646] SetTextColor (hdc=0x4f01025f, color=0xffff) returned 0x0 [0233.647] GetCurrentObject (hdc=0x4f01025f, type=0x6) returned 0x18a002e [0233.647] GetObjectW (in: h=0x18a002e, c=92, pv=0x29da10 | out: pv=0x29da10) returned 92 [0233.647] SelectObject (hdc=0x4f01025f, h=0x440a01d5) returned 0x18a002e [0233.647] GetBkMode (hdc=0x4f01025f) returned 2 [0233.647] SetBkMode (hdc=0x4f01025f, mode=1) returned 2 [0233.647] DrawTextExW (in: hdc=0x4f01025f, lpchText="500$ or 0.084 BTC", cchText=17, lprc=0x29de68, format=0x100000, lpdtp=0x22ceb98 | out: lpchText="500$ or 0.084 BTC", lprc=0x29de68) returned 16 [0233.647] RestoreDC (hdc=0x4f01025f, nSavedDC=-1) returned 1 [0233.647] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4f01025f) returned 0x0 [0233.647] GdipGetDC (graphics=0x1c34abe0, hdc=0x29e108) returned 0x0 [0233.647] BitBlt (hdc=0xa010808, x=0, y=0, cx=131, cy=16, hdcSrc=0x4f01025f, x1=0, y1=0, rop=0xcc0020) returned 1 [0233.647] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x4f01025f) returned 0x0 [0233.647] SelectPalette (hdc=0xa010808, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0233.647] SelectObject (hdc=0x4f01025f, h=0x185000f) returned 0xa05082d [0233.647] DeleteDC (hdc=0x4f01025f) returned 1 [0233.647] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0233.647] EndPaint (hWnd=0x301ae, lpPaint=0x29e0e8) returned 1 [0233.647] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.647] IsWindowUnicode (hWnd=0x301b4) returned 1 [0233.647] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.647] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.647] DispatchMessageW (lpMsg=0x29ea50) returned 0x1 [0233.647] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0233.648] SetTextColor (hdc=0x5101025f, color=0xffffff) returned 0x0 [0233.648] SetBkColor (hdc=0x5101025f, color=0x0) returned 0xffffff [0233.653] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.654] IsWindowUnicode (hWnd=0x201b8) returned 1 [0233.654] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.654] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.654] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.654] BeginPaint (in: hWnd=0x201b8, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0x501080c [0233.654] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0233.654] CreateCompatibleDC (hdc=0x501080c) returned 0x5f0107b5 [0233.654] GetObjectType (h=0x501080c) returned 0x3 [0233.654] CreateCompatibleBitmap (hdc=0x501080c, cx=1, cy=1) returned 0x18050839 [0233.654] GetDIBits (in: hdc=0x501080c, hbm=0x18050839, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x29da58, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29da58) returned 1 [0233.654] GetDIBits (in: hdc=0x501080c, hbm=0x18050839, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x29da58, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29da58) returned 1 [0233.654] DeleteObject (ho=0x18050839) returned 1 [0233.654] CreateDIBSection (in: hdc=0x501080c, lpbmi=0x29db08, usage=0x0, ppvBits=0x29e0c8, hSection=0x0, offset=0x0 | out: ppvBits=0x29e0c8) returned 0xf050843 [0233.654] SelectObject (hdc=0x5f0107b5, h=0xf050843) returned 0x185000f [0233.654] GdipCreateFromHDC (hdc=0x5f0107b5, graphics=0x29e048) returned 0x0 [0233.654] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0233.654] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=675, height=80, combineMode=0x0) returned 0x0 [0233.654] GdipCreateMatrix (matrix=0x29e0f0) returned 0x0 [0233.655] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0233.655] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e158) returned 0x0 [0233.655] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.655] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0233.655] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.655] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0233.655] GdipCreateRegion (region=0x29e0f0) returned 0x0 [0233.655] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0233.655] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29e150) returned 0x0 [0233.655] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29e1f0) returned 0x0 [0233.655] GetWindowTextLengthW (hWnd=0x201b8) returned 192 [0233.655] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xc0 [0233.655] GetSystemMetrics (nIndex=42) returned 0 [0233.655] GetWindowTextW (in: hWnd=0x201b8, lpString=0x29de70, nMaxCount=193 | out: lpString="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:") returned 192 [0233.655] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0xd, wParam=0xc1, lParam=0x29de70) returned 0xc0 [0233.655] GetClientRect (in: hWnd=0x201b8, lpRect=0x29e198 | out: lpRect=0x29e198) returned 1 [0233.655] GdipCreateRegion (region=0x29dd80) returned 0x0 [0233.655] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ad30) returned 0x0 [0233.655] GdipCreateMatrix (matrix=0x29dd80) returned 0x0 [0233.655] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0233.655] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dde8) returned 0x0 [0233.655] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.656] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.656] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.656] GdipCombineRegionRegion (region=0x1c34ad30, region2=0x1c34ac70, combineMode=0x1) returned 0x0 [0233.656] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.656] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.656] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.656] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0233.656] GdipIsInfiniteRegion (region=0x1c34ad30, graphics=0x1bcbdb80, result=0x29de50) returned 0x0 [0233.656] GdipIsInfiniteRegion (region=0x1c34ad30, graphics=0x1bcbdb80, result=0x29de10) returned 0x0 [0233.656] GdipGetRegionHRgn (region=0x1c34ad30, graphics=0x1bcbdb80, hRgn=0x29de10) returned 0x0 [0233.656] GdipDeleteRegion (region=0x1c34ad30) returned 0x0 [0233.656] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29de58) returned 0x0 [0233.656] GetCurrentObject (hdc=0x5f0107b5, type=0x1) returned 0x1b00017 [0233.656] GetCurrentObject (hdc=0x5f0107b5, type=0x2) returned 0x1900010 [0233.656] GetCurrentObject (hdc=0x5f0107b5, type=0x7) returned 0xf050843 [0233.656] GetCurrentObject (hdc=0x5f0107b5, type=0x6) returned 0x18a002e [0233.656] SaveDC (hdc=0x5f0107b5) returned 1 [0233.656] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3404083a [0233.656] GetClipRgn (hdc=0x5f0107b5, hrgn=0x3404083a) returned 0 [0233.656] SelectClipRgn (hdc=0x5f0107b5, hrgn=0xffffffff8b040812) returned 2 [0233.656] DeleteObject (ho=0x3404083a) returned 1 [0233.656] DeleteObject (ho=0xffffffff8b040812) returned 1 [0233.656] OffsetViewportOrgEx (in: hdc=0x5f0107b5, x=0, y=0, lppt=0x22d06d8 | out: lppt=0x22d06d8) returned 1 [0233.656] GetNearestColor (hdc=0x5f0107b5, color=0x0) returned 0x0 [0233.656] CreateSolidBrush (color=0x0) returned 0x6310081f [0233.656] FillRect (hDC=0x5f0107b5, lprc=0x29de88, hbr=0x6310081f) returned 1 [0233.657] DeleteObject (ho=0x6310081f) returned 1 [0233.657] RestoreDC (hdc=0x5f0107b5, nSavedDC=-1) returned 1 [0233.657] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x5f0107b5) returned 0x0 [0233.657] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd780dbd) returned 0x0 [0233.657] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0233.658] GetWindowTextLengthW (hWnd=0x201b8) returned 192 [0233.658] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xc0 [0233.658] GetSystemMetrics (nIndex=42) returned 0 [0233.658] GetWindowTextW (in: hWnd=0x201b8, lpString=0x29de70, nMaxCount=193 | out: lpString="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:") returned 192 [0233.658] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0xd, wParam=0xc1, lParam=0x29de70) returned 0xc0 [0233.658] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29dfe8) returned 0x0 [0233.658] GetCurrentObject (hdc=0x5f0107b5, type=0x1) returned 0x1b00017 [0233.658] GetCurrentObject (hdc=0x5f0107b5, type=0x2) returned 0x1900010 [0233.658] GetCurrentObject (hdc=0x5f0107b5, type=0x7) returned 0xf050843 [0233.658] GetCurrentObject (hdc=0x5f0107b5, type=0x6) returned 0x18a002e [0233.658] SaveDC (hdc=0x5f0107b5) returned 1 [0233.658] GetNearestColor (hdc=0x5f0107b5, color=0x8b) returned 0x8b [0233.658] RestoreDC (hdc=0x5f0107b5, nSavedDC=-1) returned 1 [0233.658] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x5f0107b5) returned 0x0 [0233.658] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0233.658] AdjustWindowRectEx (in: lpRect=0x29de98, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de98) returned 1 [0233.658] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29def8) returned 0x0 [0233.658] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29ded8) returned 0x0 [0233.658] GetCurrentObject (hdc=0x5f0107b5, type=0x1) returned 0x1b00017 [0233.658] GetCurrentObject (hdc=0x5f0107b5, type=0x2) returned 0x1900010 [0233.658] GetCurrentObject (hdc=0x5f0107b5, type=0x7) returned 0xf050843 [0233.658] GetCurrentObject (hdc=0x5f0107b5, type=0x6) returned 0x18a002e [0233.658] SaveDC (hdc=0x5f0107b5) returned 1 [0233.658] GetTextAlign (hdc=0x5f0107b5) returned 0x0 [0233.658] GetTextColor (hdc=0x5f0107b5) returned 0x0 [0233.658] SetTextColor (hdc=0x5f0107b5, color=0x8b) returned 0x0 [0233.659] GetCurrentObject (hdc=0x5f0107b5, type=0x6) returned 0x18a002e [0233.659] GetObjectW (in: h=0x18a002e, c=92, pv=0x29da10 | out: pv=0x29da10) returned 92 [0233.659] SelectObject (hdc=0x5f0107b5, h=0x440a01d5) returned 0x18a002e [0233.659] GetBkMode (hdc=0x5f0107b5) returned 2 [0233.659] SetBkMode (hdc=0x5f0107b5, mode=1) returned 2 [0233.659] DrawTextExW (in: hdc=0x5f0107b5, lpchText="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:", cchText=192, lprc=0x29de68, format=0x100000, lpdtp=0x22d1430 | out: lpchText="For Decrypt Your Personal Just Pay , After Pay You Can send personal key to \r\nEmail: mehtihack051@gmail.com or ID Telegram: @C3NTER.\r\n\r\n\r\nBTC Transfer Address:", lprc=0x29de68) returned 80 [0233.659] RestoreDC (hdc=0x5f0107b5, nSavedDC=-1) returned 1 [0233.659] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x5f0107b5) returned 0x0 [0233.659] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29e108) returned 0x0 [0233.659] BitBlt (hdc=0x501080c, x=0, y=0, cx=675, cy=80, hdcSrc=0x5f0107b5, x1=0, y1=0, rop=0xcc0020) returned 1 [0233.659] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x5f0107b5) returned 0x0 [0233.659] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0233.659] SelectObject (hdc=0x5f0107b5, h=0x185000f) returned 0xf050843 [0233.659] DeleteDC (hdc=0x5f0107b5) returned 1 [0233.659] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0233.659] DeleteObject (ho=0xf050843) returned 1 [0233.660] EndPaint (hWnd=0x201b8, lpPaint=0x29e0e8) returned 1 [0233.661] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.661] IsWindowUnicode (hWnd=0x201e8) returned 1 [0233.661] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.661] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.661] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.661] BeginPaint (in: hWnd=0x201e8, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0xa010808 [0233.661] SelectPalette (hdc=0xa010808, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0233.661] CreateCompatibleDC (hdc=0xa010808) returned 0x1b010839 [0233.661] SelectObject (hdc=0x1b010839, h=0xa05082d) returned 0x185000f [0233.661] GdipCreateFromHDC (hdc=0x1b010839, graphics=0x29e0c8) returned 0x0 [0233.661] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0233.661] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=419, height=36, combineMode=0x0) returned 0x0 [0233.661] GdipCreateMatrix (matrix=0x29e0f0) returned 0x0 [0233.661] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0233.661] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e158) returned 0x0 [0233.661] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.661] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0233.661] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.661] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0233.661] GdipCreateRegion (region=0x29e0f0) returned 0x0 [0233.661] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0233.661] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29e150) returned 0x0 [0233.661] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29e1f0) returned 0x0 [0233.661] GetWindowTextLengthW (hWnd=0x201e8) returned 102 [0233.661] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x66 [0233.662] GetSystemMetrics (nIndex=42) returned 0 [0233.662] GetWindowTextW (in: hWnd=0x201e8, lpString=0x29df20, nMaxCount=103 | out: lpString="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.") returned 102 [0233.662] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0xd, wParam=0x67, lParam=0x29df20) returned 0x66 [0233.662] GetClientRect (in: hWnd=0x201e8, lpRect=0x29e198 | out: lpRect=0x29e198) returned 1 [0233.662] GdipCreateRegion (region=0x29dd80) returned 0x0 [0233.662] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdcd0) returned 0x0 [0233.662] GdipCreateMatrix (matrix=0x29dd80) returned 0x0 [0233.662] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0233.662] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dde8) returned 0x0 [0233.662] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.662] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.662] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.662] GdipCombineRegionRegion (region=0x1bcbdcd0, region2=0x1bcbdc10, combineMode=0x1) returned 0x0 [0233.662] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.662] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.662] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.662] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0233.662] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de50) returned 0x0 [0233.662] GdipIsInfiniteRegion (region=0x1bcbdcd0, graphics=0x1c34abe0, result=0x29de10) returned 0x0 [0233.662] GdipGetRegionHRgn (region=0x1bcbdcd0, graphics=0x1c34abe0, hRgn=0x29de10) returned 0x0 [0233.662] GdipDeleteRegion (region=0x1bcbdcd0) returned 0x0 [0233.662] GdipGetDC (graphics=0x1c34abe0, hdc=0x29de58) returned 0x0 [0233.662] GetCurrentObject (hdc=0x1b010839, type=0x1) returned 0x1b00017 [0233.662] GetCurrentObject (hdc=0x1b010839, type=0x2) returned 0x1900010 [0233.662] GetCurrentObject (hdc=0x1b010839, type=0x7) returned 0xa05082d [0233.662] GetCurrentObject (hdc=0x1b010839, type=0x6) returned 0x18a002e [0233.662] SaveDC (hdc=0x1b010839) returned 1 [0233.663] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff8c040812 [0233.663] GetClipRgn (hdc=0x1b010839, hrgn=0xffffffff8c040812) returned 0 [0233.663] SelectClipRgn (hdc=0x1b010839, hrgn=0x3604083a) returned 2 [0233.663] DeleteObject (ho=0xffffffff8c040812) returned 1 [0233.663] DeleteObject (ho=0x3604083a) returned 1 [0233.663] OffsetViewportOrgEx (in: hdc=0x1b010839, x=0, y=0, lppt=0x22d1c88 | out: lppt=0x22d1c88) returned 1 [0233.663] GetNearestColor (hdc=0x1b010839, color=0xe9e7df) returned 0xe9e7df [0233.663] CreateSolidBrush (color=0xe9e7df) returned 0x6410081f [0233.663] FillRect (hDC=0x1b010839, lprc=0x29de88, hbr=0x6410081f) returned 1 [0233.663] DeleteObject (ho=0x6410081f) returned 1 [0233.663] RestoreDC (hdc=0x1b010839, nSavedDC=-1) returned 1 [0233.663] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1b010839) returned 0x0 [0233.663] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd760dbd) returned 0x0 [0233.663] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0233.663] GetWindowTextLengthW (hWnd=0x201e8) returned 102 [0233.663] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x66 [0233.663] GetSystemMetrics (nIndex=42) returned 0 [0233.663] GetWindowTextW (in: hWnd=0x201e8, lpString=0x29df20, nMaxCount=103 | out: lpString="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.") returned 102 [0233.663] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0xd, wParam=0x67, lParam=0x29df20) returned 0x66 [0233.663] GdipGetDC (graphics=0x1c34abe0, hdc=0x29dfe8) returned 0x0 [0233.663] GetCurrentObject (hdc=0x1b010839, type=0x1) returned 0x1b00017 [0233.663] GetCurrentObject (hdc=0x1b010839, type=0x2) returned 0x1900010 [0233.663] GetCurrentObject (hdc=0x1b010839, type=0x7) returned 0xa05082d [0233.663] GetCurrentObject (hdc=0x1b010839, type=0x6) returned 0x18a002e [0233.663] SaveDC (hdc=0x1b010839) returned 1 [0233.663] GetNearestColor (hdc=0x1b010839, color=0x0) returned 0x0 [0233.663] RestoreDC (hdc=0x1b010839, nSavedDC=-1) returned 1 [0233.663] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1b010839) returned 0x0 [0233.664] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0233.664] AdjustWindowRectEx (in: lpRect=0x29de98, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de98) returned 1 [0233.664] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29def8) returned 0x0 [0233.664] GdipGetDC (graphics=0x1c34abe0, hdc=0x29ded8) returned 0x0 [0233.664] GetCurrentObject (hdc=0x1b010839, type=0x1) returned 0x1b00017 [0233.664] GetCurrentObject (hdc=0x1b010839, type=0x2) returned 0x1900010 [0233.664] GetCurrentObject (hdc=0x1b010839, type=0x7) returned 0xa05082d [0233.664] GetCurrentObject (hdc=0x1b010839, type=0x6) returned 0x18a002e [0233.664] SaveDC (hdc=0x1b010839) returned 1 [0233.664] GetTextAlign (hdc=0x1b010839) returned 0x0 [0233.664] GetTextColor (hdc=0x1b010839) returned 0x0 [0233.664] GetCurrentObject (hdc=0x1b010839, type=0x6) returned 0x18a002e [0233.664] GetObjectW (in: h=0x18a002e, c=92, pv=0x29da10 | out: pv=0x29da10) returned 92 [0233.664] SelectObject (hdc=0x1b010839, h=0x70a0811) returned 0x18a002e [0233.664] GetBkMode (hdc=0x1b010839) returned 2 [0233.664] SetBkMode (hdc=0x1b010839, mode=1) returned 2 [0233.664] DrawTextExW (in: hdc=0x1b010839, lpchText="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.", cchText=102, lprc=0x29de68, format=0x100000, lpdtp=0x22d26f8 | out: lpchText="Warning: Please Don't Restart or Shutdown Your PC , \r\nIf do it Your Pesonal Files Permanently Crypted.", lprc=0x29de68) returned 36 [0233.664] RestoreDC (hdc=0x1b010839, nSavedDC=-1) returned 1 [0233.664] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1b010839) returned 0x0 [0233.664] GdipGetDC (graphics=0x1c34abe0, hdc=0x29e108) returned 0x0 [0233.664] BitBlt (hdc=0xa010808, x=0, y=0, cx=419, cy=36, hdcSrc=0x1b010839, x1=0, y1=0, rop=0xcc0020) returned 1 [0233.665] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x1b010839) returned 0x0 [0233.665] SelectPalette (hdc=0xa010808, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0233.665] SelectObject (hdc=0x1b010839, h=0x185000f) returned 0xa05082d [0233.665] DeleteDC (hdc=0x1b010839) returned 1 [0233.665] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0233.665] EndPaint (hWnd=0x201e8, lpPaint=0x29e0e8) returned 1 [0233.665] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.665] IsWindowUnicode (hWnd=0x201e6) returned 1 [0233.665] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.665] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.665] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.665] BeginPaint (in: hWnd=0x201e6, lpPaint=0x29e1c8 | out: lpPaint=0x29e1c8) returned 0x7010804 [0233.665] SelectPalette (hdc=0x7010804, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0233.665] CreateCompatibleDC (hdc=0x7010804) returned 0x1d010839 [0233.665] GetObjectType (h=0x7010804) returned 0x3 [0233.665] CreateCompatibleBitmap (hdc=0x7010804, cx=1, cy=1) returned 0x14050843 [0233.665] GetDIBits (in: hdc=0x7010804, hbm=0x14050843, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x29dad8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29dad8) returned 1 [0233.665] GetDIBits (in: hdc=0x7010804, hbm=0x14050843, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x29dad8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29dad8) returned 1 [0233.665] DeleteObject (ho=0x14050843) returned 1 [0233.665] CreateDIBSection (in: hdc=0x7010804, lpbmi=0x29db88, usage=0x0, ppvBits=0x29e148, hSection=0x0, offset=0x0 | out: ppvBits=0x29e148) returned 0x600507b5 [0233.665] SelectObject (hdc=0x1d010839, h=0x600507b5) returned 0x185000f [0233.665] GdipCreateFromHDC (hdc=0x1d010839, graphics=0x29e0c8) returned 0x0 [0233.666] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0233.666] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=537, height=87, combineMode=0x0) returned 0x0 [0233.666] GdipCreateMatrix (matrix=0x29e170) returned 0x0 [0233.666] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0233.666] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e1d8) returned 0x0 [0233.666] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.666] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0233.666] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.666] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0233.666] GdipCreateRegion (region=0x29e170) returned 0x0 [0233.666] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0233.666] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29e1d0) returned 0x0 [0233.666] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29e270) returned 0x0 [0233.666] GetWindowTextLengthW (hWnd=0x201e6) returned 0 [0233.666] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0233.666] GetSystemMetrics (nIndex=42) returned 0 [0233.666] GetWindowTextW (in: hWnd=0x201e6, lpString=0x29e070, nMaxCount=1 | out: lpString="") returned 0 [0233.666] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0xd, wParam=0x1, lParam=0x29e070) returned 0x0 [0233.666] GetClientRect (in: hWnd=0x201e6, lpRect=0x29e218 | out: lpRect=0x29e218) returned 1 [0233.666] GdipCreateRegion (region=0x29de00) returned 0x0 [0233.666] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ad30) returned 0x0 [0233.666] GdipCreateMatrix (matrix=0x29de00) returned 0x0 [0233.666] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0233.666] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29de68) returned 0x0 [0233.666] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.666] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.666] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.666] GdipCombineRegionRegion (region=0x1c34ad30, region2=0x1c34ac70, combineMode=0x1) returned 0x0 [0233.666] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.667] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.667] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.667] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0233.667] GdipIsInfiniteRegion (region=0x1c34ad30, graphics=0x1bcbdb80, result=0x29ded0) returned 0x0 [0233.667] GdipIsInfiniteRegion (region=0x1c34ad30, graphics=0x1bcbdb80, result=0x29de90) returned 0x0 [0233.667] GdipGetRegionHRgn (region=0x1c34ad30, graphics=0x1bcbdb80, hRgn=0x29de90) returned 0x0 [0233.667] GdipDeleteRegion (region=0x1c34ad30) returned 0x0 [0233.667] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29ded8) returned 0x0 [0233.667] GetCurrentObject (hdc=0x1d010839, type=0x1) returned 0x1b00017 [0233.667] GetCurrentObject (hdc=0x1d010839, type=0x2) returned 0x1900010 [0233.667] GetCurrentObject (hdc=0x1d010839, type=0x7) returned 0x600507b5 [0233.667] GetCurrentObject (hdc=0x1d010839, type=0x6) returned 0x18a002e [0233.667] SaveDC (hdc=0x1d010839) returned 1 [0233.667] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3704083a [0233.667] GetClipRgn (hdc=0x1d010839, hrgn=0x3704083a) returned 0 [0233.667] SelectClipRgn (hdc=0x1d010839, hrgn=0xffffffff8e040812) returned 2 [0233.667] DeleteObject (ho=0x3704083a) returned 1 [0233.667] DeleteObject (ho=0xffffffff8e040812) returned 1 [0233.667] OffsetViewportOrgEx (in: hdc=0x1d010839, x=0, y=0, lppt=0x22d3d98 | out: lppt=0x22d3d98) returned 1 [0233.667] GetNearestColor (hdc=0x1d010839, color=0x0) returned 0x0 [0233.667] CreateSolidBrush (color=0x0) returned 0x6510081f [0233.667] FillRect (hDC=0x1d010839, lprc=0x29df08, hbr=0x6510081f) returned 1 [0233.668] DeleteObject (ho=0x6510081f) returned 1 [0233.668] RestoreDC (hdc=0x1d010839, nSavedDC=-1) returned 1 [0233.668] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010839) returned 0x0 [0233.668] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd740dbd) returned 0x0 [0233.668] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0233.668] GetWindowTextLengthW (hWnd=0x201e6) returned 0 [0233.668] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0233.668] GetSystemMetrics (nIndex=42) returned 0 [0233.668] GetWindowTextW (in: hWnd=0x201e6, lpString=0x29e070, nMaxCount=1 | out: lpString="") returned 0 [0233.668] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0xd, wParam=0x1, lParam=0x29e070) returned 0x0 [0233.668] GdipGetImageWidth (image=0x1c34a190, width=0x29e068) returned 0x0 [0233.668] GdipGetImageHeight (image=0x1c34a190, height=0x29e068) returned 0x0 [0233.668] GdipDrawImageRectI (graphics=0x1bcbdb80, image=0x1c34a190, x=0, y=0, width=532, height=86) returned 0x0 [0233.671] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29e188) returned 0x0 [0233.671] BitBlt (hdc=0x7010804, x=0, y=0, cx=537, cy=87, hdcSrc=0x1d010839, x1=0, y1=0, rop=0xcc0020) returned 1 [0233.671] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1d010839) returned 0x0 [0233.671] SelectPalette (hdc=0x7010804, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0233.671] SelectObject (hdc=0x1d010839, h=0x185000f) returned 0x600507b5 [0233.671] DeleteDC (hdc=0x1d010839) returned 1 [0233.671] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0233.671] DeleteObject (ho=0x600507b5) returned 1 [0233.672] EndPaint (hWnd=0x201e6, lpPaint=0x29e168) returned 1 [0233.672] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.672] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.672] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.672] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.672] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.673] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29e118 | out: lpPaint=0x29e118) returned 0x501080c [0233.673] SelectPalette (hdc=0x501080c, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0233.673] CreateCompatibleDC (hdc=0x501080c) returned 0x17010843 [0233.673] SelectObject (hdc=0x17010843, h=0xa05082d) returned 0x185000f [0233.673] GdipCreateFromHDC (hdc=0x17010843, graphics=0x29e098) returned 0x0 [0233.673] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0233.673] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0233.673] GdipCreateMatrix (matrix=0x29e0c0) returned 0x0 [0233.673] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0233.673] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e128) returned 0x0 [0233.673] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.673] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0233.673] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.673] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0233.673] GdipCreateRegion (region=0x29e0c0) returned 0x0 [0233.673] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0233.673] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29e120) returned 0x0 [0233.673] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29e1c0) returned 0x0 [0233.673] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd720dbd) returned 0x0 [0233.673] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0233.673] GdipGetDC (graphics=0x1c34abe0, hdc=0x29de38) returned 0x0 [0233.673] GetCurrentObject (hdc=0x17010843, type=0x1) returned 0x1b00017 [0233.673] GetCurrentObject (hdc=0x17010843, type=0x2) returned 0x1900010 [0233.673] GetCurrentObject (hdc=0x17010843, type=0x7) returned 0xa05082d [0233.673] GetCurrentObject (hdc=0x17010843, type=0x6) returned 0x18a002e [0233.673] SaveDC (hdc=0x17010843) returned 1 [0233.673] GetNearestColor (hdc=0x17010843, color=0x0) returned 0x0 [0233.673] GetNearestColor (hdc=0x17010843, color=0x0) returned 0x0 [0233.674] GetNearestColor (hdc=0x17010843, color=0x0) returned 0x0 [0233.674] GetNearestColor (hdc=0x17010843, color=0x989898) returned 0x989898 [0233.674] GetNearestColor (hdc=0x17010843, color=0x8b) returned 0x8b [0233.674] GetNearestColor (hdc=0x17010843, color=0x7f7f7f) returned 0x7f7f7f [0233.674] GetNearestColor (hdc=0x17010843, color=0x989898) returned 0x989898 [0233.674] GetNearestColor (hdc=0x17010843, color=0x0) returned 0x0 [0233.674] GetNearestColor (hdc=0x17010843, color=0x8b) returned 0x8b [0233.674] RestoreDC (hdc=0x17010843, nSavedDC=-1) returned 1 [0233.674] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x17010843) returned 0x0 [0233.674] IsAppThemed () returned 0x1 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] IsAppThemed () returned 0x1 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29daa8, format=0x102415, lpdtp=0x22d4ac0 | out: lpchText="Сopy to clipboard", lprc=0x29daa8) returned 13 [0233.674] IsAppThemed () returned 0x1 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] IsAppThemed () returned 0x1 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] IsAppThemed () returned 0x1 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] IsAppThemed () returned 0x1 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] IsThemePartDefined () returned 0x1 [0233.674] IsAppThemed () returned 0x1 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] GetThemeAppProperties () returned 0x3 [0233.674] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0233.674] IsAppThemed () returned 0x1 [0233.674] GetThemeAppProperties () returned 0x3 [0233.675] GetThemeAppProperties () returned 0x3 [0233.675] IsAppThemed () returned 0x1 [0233.675] GetThemeAppProperties () returned 0x3 [0233.675] GetThemeAppProperties () returned 0x3 [0233.675] IsThemePartDefined () returned 0x1 [0233.675] GdipCreateRegion (region=0x29dba0) returned 0x0 [0233.675] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0233.675] GdipCreateMatrix (matrix=0x29dba0) returned 0x0 [0233.675] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0233.675] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dc08) returned 0x0 [0233.675] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.675] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.675] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.675] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.675] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.675] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.675] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0233.675] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29dc70) returned 0x0 [0233.675] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29dc30) returned 0x0 [0233.675] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29dc30) returned 0x0 [0233.675] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0233.675] GdipGetDC (graphics=0x1c34abe0, hdc=0x29dc78) returned 0x0 [0233.675] GetCurrentObject (hdc=0x17010843, type=0x1) returned 0x1b00017 [0233.675] GetCurrentObject (hdc=0x17010843, type=0x2) returned 0x1900010 [0233.675] GetCurrentObject (hdc=0x17010843, type=0x7) returned 0xa05082d [0233.675] GetCurrentObject (hdc=0x17010843, type=0x6) returned 0x18a002e [0233.675] SaveDC (hdc=0x17010843) returned 1 [0233.675] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff8f040812 [0233.675] GetClipRgn (hdc=0x17010843, hrgn=0xffffffff8f040812) returned 0 [0233.675] SelectClipRgn (hdc=0x17010843, hrgn=0x3904083a) returned 2 [0233.675] DeleteObject (ho=0xffffffff8f040812) returned 1 [0233.675] DeleteObject (ho=0x3904083a) returned 1 [0233.675] OffsetViewportOrgEx (in: hdc=0x17010843, x=0, y=0, lppt=0x22d54a8 | out: lppt=0x22d54a8) returned 1 [0233.676] DrawThemeParentBackground () returned 0x0 [0233.676] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d828 | out: lpwndpl=0x29d828) returned 1 [0233.676] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d740 | out: lpRect=0x29d740) returned 1 [0233.676] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0233.676] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0233.676] GetSystemMetrics (nIndex=42) returned 0 [0233.676] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29d460, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0233.676] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29d460) returned 0x27 [0233.676] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d528 | out: lpRect=0x29d528) returned 1 [0233.676] GetCurrentObject (hdc=0x17010843, type=0x1) returned 0x1b00017 [0233.676] GetCurrentObject (hdc=0x17010843, type=0x2) returned 0x1900010 [0233.676] GetCurrentObject (hdc=0x17010843, type=0x7) returned 0xa05082d [0233.676] GetCurrentObject (hdc=0x17010843, type=0x6) returned 0x18a002e [0233.676] SaveDC (hdc=0x17010843) returned 2 [0233.676] GetNearestColor (hdc=0x17010843, color=0x0) returned 0x0 [0233.676] CreateSolidBrush (color=0x0) returned 0x6610081f [0233.676] FillRect (hDC=0x17010843, lprc=0x29d218, hbr=0x6610081f) returned 1 [0233.676] DeleteObject (ho=0x6610081f) returned 1 [0233.676] RestoreDC (hdc=0x17010843, nSavedDC=-1) returned 1 [0233.676] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0233.676] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0233.676] GetSystemMetrics (nIndex=42) returned 0 [0233.676] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29d390, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0233.676] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29d390) returned 0x27 [0233.676] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d458 | out: lpRect=0x29d458) returned 1 [0233.677] GetCurrentObject (hdc=0x17010843, type=0x1) returned 0x1b00017 [0233.677] GetCurrentObject (hdc=0x17010843, type=0x2) returned 0x1900010 [0233.677] GetCurrentObject (hdc=0x17010843, type=0x7) returned 0xa05082d [0233.677] GetCurrentObject (hdc=0x17010843, type=0x6) returned 0x18a002e [0233.677] SaveDC (hdc=0x17010843) returned 2 [0233.677] GetNearestColor (hdc=0x17010843, color=0x0) returned 0x0 [0233.677] CreateSolidBrush (color=0x0) returned 0x6710081f [0233.677] FillRect (hDC=0x17010843, lprc=0x29d148, hbr=0x6710081f) returned 1 [0233.677] DeleteObject (ho=0x6710081f) returned 1 [0233.677] RestoreDC (hdc=0x17010843, nSavedDC=-1) returned 1 [0233.677] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0233.677] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0233.677] GetSystemMetrics (nIndex=42) returned 0 [0233.677] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29d390, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0233.677] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29d390) returned 0x27 [0233.677] RestoreDC (hdc=0x17010843, nSavedDC=-1) returned 1 [0233.677] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x17010843) returned 0x0 [0233.677] IsAppThemed () returned 0x1 [0233.677] GetThemeAppProperties () returned 0x3 [0233.677] GetThemeAppProperties () returned 0x3 [0233.677] IsAppThemed () returned 0x1 [0233.677] GetThemeAppProperties () returned 0x3 [0233.677] GetThemeAppProperties () returned 0x3 [0233.677] IsThemePartDefined () returned 0x1 [0233.677] GdipCreateRegion (region=0x29db40) returned 0x0 [0233.677] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0233.677] GdipCreateMatrix (matrix=0x29db40) returned 0x0 [0233.677] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0233.677] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29dba8) returned 0x0 [0233.677] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.677] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0233.678] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.678] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.678] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0233.678] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.678] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0233.678] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29dc10) returned 0x0 [0233.678] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29dbd0) returned 0x0 [0233.678] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29dbd0) returned 0x0 [0233.678] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0233.678] GdipGetDC (graphics=0x1c34abe0, hdc=0x29dc18) returned 0x0 [0233.678] GetCurrentObject (hdc=0x17010843, type=0x1) returned 0x1b00017 [0233.678] GetCurrentObject (hdc=0x17010843, type=0x2) returned 0x1900010 [0233.678] GetCurrentObject (hdc=0x17010843, type=0x7) returned 0xa05082d [0233.678] GetCurrentObject (hdc=0x17010843, type=0x6) returned 0x18a002e [0233.678] SaveDC (hdc=0x17010843) returned 1 [0233.678] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3a04083a [0233.678] GetClipRgn (hdc=0x17010843, hrgn=0x3a04083a) returned 0 [0233.678] SelectClipRgn (hdc=0x17010843, hrgn=0xffffffff91040812) returned 2 [0233.678] DeleteObject (ho=0x3a04083a) returned 1 [0233.678] DeleteObject (ho=0xffffffff91040812) returned 1 [0233.678] OffsetViewportOrgEx (in: hdc=0x17010843, x=0, y=0, lppt=0x22d65b0 | out: lppt=0x22d65b0) returned 1 [0233.678] IsAppThemed () returned 0x1 [0233.678] GetThemeAppProperties () returned 0x3 [0233.678] GetThemeAppProperties () returned 0x3 [0233.678] DrawThemeBackground () returned 0x0 [0233.678] RestoreDC (hdc=0x17010843, nSavedDC=-1) returned 1 [0233.678] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x17010843) returned 0x0 [0233.679] GdipCreateRegion (region=0x29db30) returned 0x0 [0233.679] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0233.679] GdipCreateMatrix (matrix=0x29db30) returned 0x0 [0233.679] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0233.679] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29db98) returned 0x0 [0233.679] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.679] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.679] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.679] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.679] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.679] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.679] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0233.679] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29dc00) returned 0x0 [0233.679] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29dbc0) returned 0x0 [0233.679] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29dbc0) returned 0x0 [0233.679] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0233.679] GdipGetDC (graphics=0x1c34abe0, hdc=0x29dc08) returned 0x0 [0233.679] GetCurrentObject (hdc=0x17010843, type=0x1) returned 0x1b00017 [0233.679] GetCurrentObject (hdc=0x17010843, type=0x2) returned 0x1900010 [0233.679] GetCurrentObject (hdc=0x17010843, type=0x7) returned 0xa05082d [0233.679] GetCurrentObject (hdc=0x17010843, type=0x6) returned 0x18a002e [0233.679] SaveDC (hdc=0x17010843) returned 1 [0233.679] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffff92040812 [0233.679] GetClipRgn (hdc=0x17010843, hrgn=0xffffffff92040812) returned 0 [0233.679] SelectClipRgn (hdc=0x17010843, hrgn=0x3b04083a) returned 2 [0233.679] DeleteObject (ho=0xffffffff92040812) returned 1 [0233.679] DeleteObject (ho=0x3b04083a) returned 1 [0233.679] OffsetViewportOrgEx (in: hdc=0x17010843, x=0, y=0, lppt=0x22d6a88 | out: lppt=0x22d6a88) returned 1 [0233.679] IsAppThemed () returned 0x1 [0233.679] GetThemeAppProperties () returned 0x3 [0233.679] GetThemeAppProperties () returned 0x3 [0233.679] GetThemeBackgroundContentRect () returned 0x0 [0233.679] RestoreDC (hdc=0x17010843, nSavedDC=-1) returned 1 [0233.679] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x17010843) returned 0x0 [0233.680] IsAppThemed () returned 0x1 [0233.680] GetThemeAppProperties () returned 0x3 [0233.680] GetThemeAppProperties () returned 0x3 [0233.680] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29dde8) returned 0x0 [0233.680] GdipGetDC (graphics=0x1c34abe0, hdc=0x29ddc8) returned 0x0 [0233.680] GetCurrentObject (hdc=0x17010843, type=0x1) returned 0x1b00017 [0233.680] GetCurrentObject (hdc=0x17010843, type=0x2) returned 0x1900010 [0233.680] GetCurrentObject (hdc=0x17010843, type=0x7) returned 0xa05082d [0233.680] GetCurrentObject (hdc=0x17010843, type=0x6) returned 0x18a002e [0233.680] SaveDC (hdc=0x17010843) returned 1 [0233.680] GetTextAlign (hdc=0x17010843) returned 0x0 [0233.680] GetTextColor (hdc=0x17010843) returned 0x0 [0233.680] SetTextColor (hdc=0x17010843, color=0x8b) returned 0x0 [0233.680] GetCurrentObject (hdc=0x17010843, type=0x6) returned 0x18a002e [0233.680] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d900 | out: pv=0x29d900) returned 92 [0233.680] SelectObject (hdc=0x17010843, h=0x90a0819) returned 0x18a002e [0233.680] GetBkMode (hdc=0x17010843) returned 2 [0233.680] SetBkMode (hdc=0x17010843, mode=1) returned 2 [0233.680] DrawTextExW (in: hdc=0x17010843, lpchText="Сopy to clipboard", cchText=17, lprc=0x29db40, format=0x102415, lpdtp=0x22d7110 | out: lpchText="Сopy to clipboard", lprc=0x29db40) returned 13 [0233.680] DrawTextExW (in: hdc=0x17010843, lpchText="Сopy to clipboard", cchText=17, lprc=0x29dd58, format=0x102015, lpdtp=0x22d7110 | out: lpchText="Сopy to clipboard", lprc=0x29dd58) returned 13 [0233.680] RestoreDC (hdc=0x17010843, nSavedDC=-1) returned 1 [0233.680] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x17010843) returned 0x0 [0233.680] GetFocus () returned 0x0 [0233.680] IsAppThemed () returned 0x1 [0233.680] GetThemeAppProperties () returned 0x3 [0233.680] GetThemeAppProperties () returned 0x3 [0233.680] GdipGetDC (graphics=0x1c34abe0, hdc=0x29e0d8) returned 0x0 [0233.680] BitBlt (hdc=0x501080c, x=0, y=0, cx=196, cy=49, hdcSrc=0x17010843, x1=0, y1=0, rop=0xcc0020) returned 1 [0233.681] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x17010843) returned 0x0 [0233.681] SelectPalette (hdc=0x501080c, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0233.681] SelectObject (hdc=0x17010843, h=0x185000f) returned 0xa05082d [0233.681] DeleteDC (hdc=0x17010843) returned 1 [0233.681] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0233.681] EndPaint (hWnd=0x201ba, lpPaint=0x29e0b8) returned 1 [0233.681] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.681] IsWindowUnicode (hWnd=0x201bc) returned 1 [0233.681] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.681] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.681] DispatchMessageW (lpMsg=0x29ea50) returned 0x1 [0233.681] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0233.681] SetTextColor (hdc=0x62010258, color=0xa5ff) returned 0x0 [0233.681] SetBkColor (hdc=0x62010258, color=0x0) returned 0xffffff [0233.682] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.682] IsWindowUnicode (hWnd=0x401da) returned 1 [0233.682] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.682] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.682] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.682] BeginPaint (in: hWnd=0x401da, lpPaint=0x29e148 | out: lpPaint=0x29e148) returned 0x7010804 [0233.682] SelectPalette (hdc=0x7010804, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0233.682] CreateCompatibleDC (hdc=0x7010804) returned 0x1a010843 [0233.682] GetObjectType (h=0x7010804) returned 0x3 [0233.682] CreateCompatibleBitmap (hdc=0x7010804, cx=1, cy=1) returned 0x660507b5 [0233.682] GetDIBits (in: hdc=0x7010804, hbm=0x660507b5, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x29da58, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29da58) returned 1 [0233.682] GetDIBits (in: hdc=0x7010804, hbm=0x660507b5, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x29da58, usage=0x0 | out: lpvBits=0x0, lpbmi=0x29da58) returned 1 [0233.682] DeleteObject (ho=0x660507b5) returned 1 [0233.682] CreateDIBSection (in: hdc=0x7010804, lpbmi=0x29db08, usage=0x0, ppvBits=0x29e0c8, hSection=0x0, offset=0x0 | out: ppvBits=0x29e0c8) returned 0x20050839 [0233.682] SelectObject (hdc=0x1a010843, h=0x20050839) returned 0x185000f [0233.682] GdipCreateFromHDC (hdc=0x1a010843, graphics=0x29e048) returned 0x0 [0233.682] GdipTranslateWorldTransform (graphics=0x1bcbdb80, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0233.682] GdipSetClipRectI (graphics=0x1bcbdb80, x=0, y=0, width=297, height=73, combineMode=0x0) returned 0x0 [0233.682] GdipCreateMatrix (matrix=0x29e0f0) returned 0x0 [0233.682] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdf80) returned 0x0 [0233.682] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29e158) returned 0x0 [0233.683] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.683] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0233.683] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.683] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0233.683] GdipCreateRegion (region=0x29e0f0) returned 0x0 [0233.683] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ac70) returned 0x0 [0233.683] GdipIsInfiniteRegion (region=0x1c34ac70, graphics=0x1bcbdb80, result=0x29e150) returned 0x0 [0233.683] GdipSaveGraphics (graphics=0x1bcbdb80, state=0x29e1f0) returned 0x0 [0233.683] GetWindowTextLengthW (hWnd=0x401da) returned 8 [0233.683] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8 [0233.683] GetSystemMetrics (nIndex=42) returned 0 [0233.683] GetWindowTextW (in: hWnd=0x401da, lpString=0x29dfe0, nMaxCount=9 | out: lpString="BlackHat") returned 8 [0233.683] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0xd, wParam=0x9, lParam=0x29dfe0) returned 0x8 [0233.683] GetClientRect (in: hWnd=0x401da, lpRect=0x29e198 | out: lpRect=0x29e198) returned 1 [0233.683] GdipCreateRegion (region=0x29dd80) returned 0x0 [0233.683] GdipGetClip (graphics=0x1bcbdb80, region=0x1c34ad30) returned 0x0 [0233.683] GdipCreateMatrix (matrix=0x29dd80) returned 0x0 [0233.683] GdipGetWorldTransform (graphics=0x1bcbdb80, matrix=0x1bcbdfc0) returned 0x0 [0233.683] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29dde8) returned 0x0 [0233.683] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.683] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.683] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.683] GdipCombineRegionRegion (region=0x1c34ad30, region2=0x1c34ac70, combineMode=0x1) returned 0x0 [0233.683] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0233.683] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0233.683] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0233.683] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0233.683] GdipIsInfiniteRegion (region=0x1c34ad30, graphics=0x1bcbdb80, result=0x29de50) returned 0x0 [0233.683] GdipIsInfiniteRegion (region=0x1c34ad30, graphics=0x1bcbdb80, result=0x29de10) returned 0x0 [0233.683] GdipGetRegionHRgn (region=0x1c34ad30, graphics=0x1bcbdb80, hRgn=0x29de10) returned 0x0 [0233.683] GdipDeleteRegion (region=0x1c34ad30) returned 0x0 [0233.683] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29de58) returned 0x0 [0233.683] GetCurrentObject (hdc=0x1a010843, type=0x1) returned 0x1b00017 [0233.683] GetCurrentObject (hdc=0x1a010843, type=0x2) returned 0x1900010 [0233.683] GetCurrentObject (hdc=0x1a010843, type=0x7) returned 0x20050839 [0233.684] GetCurrentObject (hdc=0x1a010843, type=0x6) returned 0x18a002e [0233.684] SaveDC (hdc=0x1a010843) returned 1 [0233.684] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffe1040228 [0233.684] GetClipRgn (hdc=0x1a010843, hrgn=0xffffffffe1040228) returned 0 [0233.684] SelectClipRgn (hdc=0x1a010843, hrgn=0x3d04083a) returned 2 [0233.684] DeleteObject (ho=0xffffffffe1040228) returned 1 [0233.684] DeleteObject (ho=0x3d04083a) returned 1 [0233.684] OffsetViewportOrgEx (in: hdc=0x1a010843, x=0, y=0, lppt=0x22d8900 | out: lppt=0x22d8900) returned 1 [0233.684] GetNearestColor (hdc=0x1a010843, color=0x0) returned 0x0 [0233.684] CreateSolidBrush (color=0x0) returned 0x6810081f [0233.684] FillRect (hDC=0x1a010843, lprc=0x29de88, hbr=0x6810081f) returned 1 [0233.684] DeleteObject (ho=0x6810081f) returned 1 [0233.684] RestoreDC (hdc=0x1a010843, nSavedDC=-1) returned 1 [0233.684] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1a010843) returned 0x0 [0233.684] GdipRestoreGraphics (graphics=0x1bcbdb80, state=0xfffffffffd700dbd) returned 0x0 [0233.684] GdipDeleteRegion (region=0x1c34ac70) returned 0x0 [0233.684] GetWindowTextLengthW (hWnd=0x401da) returned 8 [0233.684] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8 [0233.685] GetSystemMetrics (nIndex=42) returned 0 [0233.685] GetWindowTextW (in: hWnd=0x401da, lpString=0x29dfe0, nMaxCount=9 | out: lpString="BlackHat") returned 8 [0233.685] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0xd, wParam=0x9, lParam=0x29dfe0) returned 0x8 [0233.685] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29dfe8) returned 0x0 [0233.685] GetCurrentObject (hdc=0x1a010843, type=0x1) returned 0x1b00017 [0233.685] GetCurrentObject (hdc=0x1a010843, type=0x2) returned 0x1900010 [0233.685] GetCurrentObject (hdc=0x1a010843, type=0x7) returned 0x20050839 [0233.685] GetCurrentObject (hdc=0x1a010843, type=0x6) returned 0x18a002e [0233.685] SaveDC (hdc=0x1a010843) returned 1 [0233.685] GetNearestColor (hdc=0x1a010843, color=0x8b) returned 0x8b [0233.685] RestoreDC (hdc=0x1a010843, nSavedDC=-1) returned 1 [0233.685] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1a010843) returned 0x0 [0233.685] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7fefc0f0000 [0233.685] AdjustWindowRectEx (in: lpRect=0x29de98, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x29de98) returned 1 [0233.685] GdipGetTextRenderingHint (graphics=0x1bcbdb80, mode=0x29def8) returned 0x0 [0233.685] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29ded8) returned 0x0 [0233.685] GetCurrentObject (hdc=0x1a010843, type=0x1) returned 0x1b00017 [0233.685] GetCurrentObject (hdc=0x1a010843, type=0x2) returned 0x1900010 [0233.685] GetCurrentObject (hdc=0x1a010843, type=0x7) returned 0x20050839 [0233.685] GetCurrentObject (hdc=0x1a010843, type=0x6) returned 0x18a002e [0233.685] SaveDC (hdc=0x1a010843) returned 1 [0233.685] GetTextAlign (hdc=0x1a010843) returned 0x0 [0233.685] GetTextColor (hdc=0x1a010843) returned 0x0 [0233.685] SetTextColor (hdc=0x1a010843, color=0x8b) returned 0x0 [0233.685] GetCurrentObject (hdc=0x1a010843, type=0x6) returned 0x18a002e [0233.686] GetObjectW (in: h=0x18a002e, c=92, pv=0x29da10 | out: pv=0x29da10) returned 92 [0233.686] SelectObject (hdc=0x1a010843, h=0x90a0809) returned 0x18a002e [0233.686] GetBkMode (hdc=0x1a010843) returned 2 [0233.686] SetBkMode (hdc=0x1a010843, mode=1) returned 2 [0233.686] DrawTextExW (in: hdc=0x1a010843, lpchText="BlackHat", cchText=8, lprc=0x29de68, format=0x100001, lpdtp=0x22d9208 | out: lpchText="BlackHat", lprc=0x29de68) returned 73 [0233.686] RestoreDC (hdc=0x1a010843, nSavedDC=-1) returned 1 [0233.686] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1a010843) returned 0x0 [0233.686] GdipGetDC (graphics=0x1bcbdb80, hdc=0x29e108) returned 0x0 [0233.686] BitBlt (hdc=0x7010804, x=0, y=0, cx=297, cy=73, hdcSrc=0x1a010843, x1=0, y1=0, rop=0xcc0020) returned 1 [0233.686] GdipReleaseDC (graphics=0x1bcbdb80, hdc=0x1a010843) returned 0x0 [0233.686] SelectPalette (hdc=0x7010804, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0233.686] SelectObject (hdc=0x1a010843, h=0x185000f) returned 0x20050839 [0233.686] DeleteDC (hdc=0x1a010843) returned 1 [0233.686] GdipDeleteGraphics (graphics=0x1bcbdb80) returned 0x0 [0233.686] DeleteObject (ho=0x20050839) returned 1 [0233.687] EndPaint (hWnd=0x401da, lpPaint=0x29e0e8) returned 1 [0233.687] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.687] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.687] WaitMessage () returned 1 [0233.688] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.688] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.688] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.688] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.688] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.688] SetCursor (hCursor=0x10003) returned 0x10003 [0233.688] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.688] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.688] GetKeyState (nVirtKey=1) returned 0 [0233.688] GetKeyState (nVirtKey=2) returned 0 [0233.688] GetKeyState (nVirtKey=4) returned 0 [0233.688] GetKeyState (nVirtKey=5) returned 0 [0233.688] GetKeyState (nVirtKey=6) returned 0 [0233.688] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.688] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.688] WaitMessage () returned 1 [0233.690] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.690] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.690] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.690] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.690] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.690] SetCursor (hCursor=0x10003) returned 0x10003 [0233.690] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.690] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.690] GetKeyState (nVirtKey=1) returned 0 [0233.690] GetKeyState (nVirtKey=2) returned 0 [0233.690] GetKeyState (nVirtKey=4) returned 0 [0233.691] GetKeyState (nVirtKey=5) returned 0 [0233.691] GetKeyState (nVirtKey=6) returned 0 [0233.691] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.691] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.691] WaitMessage () returned 1 [0233.691] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.691] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.691] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.691] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.691] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.691] SetCursor (hCursor=0x10003) returned 0x10003 [0233.691] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.691] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.691] GetKeyState (nVirtKey=1) returned 0 [0233.691] GetKeyState (nVirtKey=2) returned 0 [0233.691] GetKeyState (nVirtKey=4) returned 0 [0233.691] GetKeyState (nVirtKey=5) returned 0 [0233.691] GetKeyState (nVirtKey=6) returned 0 [0233.691] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.692] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.692] WaitMessage () returned 1 [0233.692] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.692] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.692] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.692] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.692] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.692] SetCursor (hCursor=0x10003) returned 0x10003 [0233.692] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.692] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.692] GetKeyState (nVirtKey=1) returned 0 [0233.692] GetKeyState (nVirtKey=2) returned 0 [0233.692] GetKeyState (nVirtKey=4) returned 0 [0233.692] GetKeyState (nVirtKey=5) returned 0 [0233.692] GetKeyState (nVirtKey=6) returned 0 [0233.692] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.692] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.692] WaitMessage () returned 1 [0233.693] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.693] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.693] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.693] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.693] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.693] SetCursor (hCursor=0x10003) returned 0x10003 [0233.693] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.693] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.693] GetKeyState (nVirtKey=1) returned 0 [0233.693] GetKeyState (nVirtKey=2) returned 0 [0233.693] GetKeyState (nVirtKey=4) returned 0 [0233.693] GetKeyState (nVirtKey=5) returned 0 [0233.693] GetKeyState (nVirtKey=6) returned 0 [0233.693] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.693] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.693] WaitMessage () returned 1 [0233.694] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.694] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.694] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.694] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.694] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.694] SetCursor (hCursor=0x10003) returned 0x10003 [0233.694] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.694] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.694] GetKeyState (nVirtKey=1) returned 0 [0233.694] GetKeyState (nVirtKey=2) returned 0 [0233.694] GetKeyState (nVirtKey=4) returned 0 [0233.694] GetKeyState (nVirtKey=5) returned 0 [0233.694] GetKeyState (nVirtKey=6) returned 0 [0233.694] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.694] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.694] WaitMessage () returned 1 [0233.694] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.695] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.695] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.695] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.695] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.695] SetCursor (hCursor=0x10003) returned 0x10003 [0233.695] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.695] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.695] GetKeyState (nVirtKey=1) returned 0 [0233.695] GetKeyState (nVirtKey=2) returned 0 [0233.695] GetKeyState (nVirtKey=4) returned 0 [0233.695] GetKeyState (nVirtKey=5) returned 0 [0233.695] GetKeyState (nVirtKey=6) returned 0 [0233.695] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.695] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.695] WaitMessage () returned 1 [0233.695] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.695] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.695] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.695] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.695] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.696] SetCursor (hCursor=0x10003) returned 0x10003 [0233.696] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.696] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.696] GetKeyState (nVirtKey=1) returned 0 [0233.696] GetKeyState (nVirtKey=2) returned 0 [0233.696] GetKeyState (nVirtKey=4) returned 0 [0233.696] GetKeyState (nVirtKey=5) returned 0 [0233.696] GetKeyState (nVirtKey=6) returned 0 [0233.696] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.696] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.696] WaitMessage () returned 1 [0233.696] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.696] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.696] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.696] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.696] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x16c02c0) returned 0x1 [0233.696] SetCursor (hCursor=0x10003) returned 0x10003 [0233.697] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.697] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.697] GetKeyState (nVirtKey=1) returned 0 [0233.697] GetKeyState (nVirtKey=2) returned 0 [0233.697] GetKeyState (nVirtKey=4) returned 0 [0233.697] GetKeyState (nVirtKey=5) returned 0 [0233.697] GetKeyState (nVirtKey=6) returned 0 [0233.697] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.697] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.697] WaitMessage () returned 1 [0233.733] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.733] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.733] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.733] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.733] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.733] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.733] IsWindowUnicode (hWnd=0x201ba) returned 1 [0233.733] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0233.733] TranslateMessage (lpMsg=0x29ea50) returned 0 [0233.733] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0233.733] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x2a1, wParam=0x0, lParam=0xe004c) returned 0x0 [0233.733] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.733] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0233.733] WaitMessage () returned 1 [0234.290] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.290] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.290] IsWindowUnicode (hWnd=0x201ba) returned 1 [0234.290] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.290] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.290] SetCursor (hCursor=0x10003) returned 0x10003 [0234.290] TranslateMessage (lpMsg=0x29ea50) returned 0 [0234.290] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0234.290] GetKeyState (nVirtKey=1) returned 0 [0234.290] GetKeyState (nVirtKey=2) returned 0 [0234.290] GetKeyState (nVirtKey=4) returned 0 [0234.290] GetKeyState (nVirtKey=5) returned 0 [0234.290] GetKeyState (nVirtKey=6) returned 0 [0234.291] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.291] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.291] IsWindowUnicode (hWnd=0x201ba) returned 1 [0234.291] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.291] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.291] GetDlgItem (hDlg=0x501ac, nIDDlgItem=0) returned 0x0 [0234.291] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x210, wParam=0x201, lParam=0xc60180) returned 0x0 [0234.291] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0234.291] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x21, wParam=0x501ac, lParam=0x2010001) returned 0x1 [0234.291] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x46, wParam=0x0, lParam=0x29e8b0) returned 0x0 [0234.291] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x46, wParam=0x0, lParam=0x29e8b0) returned 0x0 [0234.292] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29e488 | out: lpwndpl=0x29e488) returned 1 [0234.292] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x47, wParam=0x0, lParam=0x29e8b0) returned 0x0 [0234.292] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e320 | out: lpRect=0x29e320) returned 1 [0234.292] GetWindowRect (in: hWnd=0x501ac, lpRect=0x29e320 | out: lpRect=0x29e320) returned 1 [0234.292] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0234.292] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0234.292] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0234.292] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x47, wParam=0x0, lParam=0x29e8b0) returned 0x0 [0234.292] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0xd, wParam=0x104, lParam=0x1ae05720) returned 0x0 [0234.292] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0234.293] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0234.293] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0234.293] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1 [0234.293] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0234.293] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0234.293] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0234.294] GetFocus () returned 0x0 [0234.294] SetFocus (hWnd=0x201ba) returned 0x0 [0234.294] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0234.294] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0234.294] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0234.294] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0234.294] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0234.294] GetStockObject (i=5) returned 0x1900015 [0234.294] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x11 [0234.294] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0xd, wParam=0x12, lParam=0x1a9ad540) returned 0x11 [0234.294] GetDlgItem (hDlg=0x501ac, nIDDlgItem=131514) returned 0x201ba [0234.294] SendMessageW (hWnd=0x201ba, Msg=0x202b, wParam=0x201ba, lParam=0x29d8e0) returned 0x0 [0234.294] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x202b, wParam=0x201ba, lParam=0x29d8e0) returned 0x0 [0234.294] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0234.300] SetCursor (hCursor=0x10003) returned 0x10003 [0234.300] TranslateMessage (lpMsg=0x29ea50) returned 0 [0234.300] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0234.300] GetKeyState (nVirtKey=1) returned -127 [0234.300] GetKeyState (nVirtKey=2) returned 0 [0234.300] GetKeyState (nVirtKey=4) returned 0 [0234.300] GetKeyState (nVirtKey=5) returned 0 [0234.300] GetKeyState (nVirtKey=6) returned 0 [0234.300] IsWindowVisible (hWnd=0x201ba) returned 1 [0234.300] IsWindowEnabled (hWnd=0x201ba) returned 1 [0234.300] SetFocus (hWnd=0x201ba) returned 0x201ba [0234.300] GetFocus () returned 0x201ba [0234.300] GetFocus () returned 0x201ba [0234.300] GetFocus () returned 0x201ba [0234.300] GetKeyState (nVirtKey=1) returned -127 [0234.300] GetKeyState (nVirtKey=2) returned 0 [0234.300] GetKeyState (nVirtKey=4) returned 0 [0234.300] GetKeyState (nVirtKey=5) returned 0 [0234.300] GetKeyState (nVirtKey=6) returned 0 [0234.300] GetCapture () returned 0x0 [0234.300] SetCapture (hWnd=0x201ba) returned 0x0 [0234.300] GetKeyState (nVirtKey=1) returned -127 [0234.300] GetKeyState (nVirtKey=2) returned 0 [0234.300] GetKeyState (nVirtKey=4) returned 0 [0234.300] GetKeyState (nVirtKey=5) returned 0 [0234.300] GetKeyState (nVirtKey=6) returned 0 [0234.300] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0234.301] InvalidateRect (hWnd=0x201ba, lpRect=0x29e390, bErase=0) returned 1 [0234.301] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.301] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.301] TranslateMessage (lpMsg=0x29ea50) returned 0 [0234.301] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0234.301] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.301] GetMessageA (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.301] TranslateMessage (lpMsg=0x29ea50) returned 0 [0234.301] DispatchMessageA (lpMsg=0x29ea50) returned 0x0 [0234.301] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.301] IsWindowUnicode (hWnd=0x201ba) returned 1 [0234.301] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.301] TranslateMessage (lpMsg=0x29ea50) returned 0 [0234.301] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0234.301] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22d9730, cPoints=0x1 | out: lpPoints=0x22d9730) returned 22938228 [0234.301] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0234.301] InvalidateRect (hWnd=0x201ba, lpRect=0x29e320, bErase=0) returned 1 [0234.301] UpdateWindow (hWnd=0x201ba) returned 1 [0234.301] BeginPaint (in: hWnd=0x201ba, lpPaint=0x29da98 | out: lpPaint=0x29da98) returned 0x7010804 [0234.301] SelectPalette (hdc=0x7010804, hPal=0x1908082e, bForceBkgd=1) returned 0x188000b [0234.301] CreateCompatibleDC (hdc=0x7010804) returned 0x13010815 [0234.301] SelectObject (hdc=0x13010815, h=0xa05082d) returned 0x185000f [0234.301] GdipCreateFromHDC (hdc=0x13010815, graphics=0x29da18) returned 0x0 [0234.301] GdipTranslateWorldTransform (graphics=0x1c34abe0, dx=0x7fef024df12, dy=0x3d6d008485b9, order=0x0) returned 0x0 [0234.301] GdipSetClipRectI (graphics=0x1c34abe0, x=0, y=0, width=196, height=49, combineMode=0x0) returned 0x0 [0234.301] GdipCreateMatrix (matrix=0x29da40) returned 0x0 [0234.301] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0234.301] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29daa8) returned 0x0 [0234.301] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0234.301] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0234.302] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0234.302] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0234.302] GdipCreateRegion (region=0x29da40) returned 0x0 [0234.302] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0234.302] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29daa0) returned 0x0 [0234.302] GdipSaveGraphics (graphics=0x1c34abe0, state=0x29db40) returned 0x0 [0234.302] GdipRestoreGraphics (graphics=0x1c34abe0, state=0xfffffffffd6e0dbd) returned 0x0 [0234.302] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0234.302] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d7b8) returned 0x0 [0234.302] GetCurrentObject (hdc=0x13010815, type=0x1) returned 0x1b00017 [0234.302] GetCurrentObject (hdc=0x13010815, type=0x2) returned 0x1900010 [0234.302] GetCurrentObject (hdc=0x13010815, type=0x7) returned 0xa05082d [0234.302] GetCurrentObject (hdc=0x13010815, type=0x6) returned 0x18a002e [0234.302] SaveDC (hdc=0x13010815) returned 1 [0234.302] GetNearestColor (hdc=0x13010815, color=0x0) returned 0x0 [0234.302] GetNearestColor (hdc=0x13010815, color=0x0) returned 0x0 [0234.302] GetNearestColor (hdc=0x13010815, color=0x0) returned 0x0 [0234.302] GetNearestColor (hdc=0x13010815, color=0x989898) returned 0x989898 [0234.302] GetNearestColor (hdc=0x13010815, color=0x8b) returned 0x8b [0234.302] GetNearestColor (hdc=0x13010815, color=0x7f7f7f) returned 0x7f7f7f [0234.302] GetNearestColor (hdc=0x13010815, color=0x989898) returned 0x989898 [0234.302] GetNearestColor (hdc=0x13010815, color=0x0) returned 0x0 [0234.302] GetNearestColor (hdc=0x13010815, color=0x8b) returned 0x8b [0234.302] RestoreDC (hdc=0x13010815, nSavedDC=-1) returned 1 [0234.303] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x13010815) returned 0x0 [0234.303] IsAppThemed () returned 0x1 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] IsAppThemed () returned 0x1 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] DrawTextExW (in: hdc=0x190107fc, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d428, format=0x102415, lpdtp=0x22da308 | out: lpchText="Сopy to clipboard", lprc=0x29d428) returned 13 [0234.303] IsAppThemed () returned 0x1 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] IsAppThemed () returned 0x1 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] IsAppThemed () returned 0x1 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] IsAppThemed () returned 0x1 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] IsThemePartDefined () returned 0x1 [0234.303] IsAppThemed () returned 0x1 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0234.303] IsAppThemed () returned 0x1 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] IsAppThemed () returned 0x1 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] GetThemeAppProperties () returned 0x3 [0234.303] IsThemePartDefined () returned 0x1 [0234.303] GdipCreateRegion (region=0x29d520) returned 0x0 [0234.303] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0234.303] GdipCreateMatrix (matrix=0x29d520) returned 0x0 [0234.303] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0234.303] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d588) returned 0x0 [0234.304] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0234.304] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0234.304] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0234.304] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0234.304] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0234.304] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0234.304] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0234.304] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5f0) returned 0x0 [0234.304] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d5b0) returned 0x0 [0234.304] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d5b0) returned 0x0 [0234.304] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0234.304] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d5f8) returned 0x0 [0234.304] GetCurrentObject (hdc=0x13010815, type=0x1) returned 0x1b00017 [0234.304] GetCurrentObject (hdc=0x13010815, type=0x2) returned 0x1900010 [0234.304] GetCurrentObject (hdc=0x13010815, type=0x7) returned 0xa05082d [0234.304] GetCurrentObject (hdc=0x13010815, type=0x6) returned 0x18a002e [0234.304] SaveDC (hdc=0x13010815) returned 1 [0234.304] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3e04083a [0234.304] GetClipRgn (hdc=0x13010815, hrgn=0x3e04083a) returned 0 [0234.304] SelectClipRgn (hdc=0x13010815, hrgn=0xffffffffe7040228) returned 2 [0234.304] DeleteObject (ho=0x3e04083a) returned 1 [0234.304] DeleteObject (ho=0xffffffffe7040228) returned 1 [0234.304] OffsetViewportOrgEx (in: hdc=0x13010815, x=0, y=0, lppt=0x22dacf0 | out: lppt=0x22dacf0) returned 1 [0234.304] DrawThemeParentBackground () returned 0x0 [0234.304] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d1a8 | out: lpwndpl=0x29d1a8) returned 1 [0234.304] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d0c0 | out: lpRect=0x29d0c0) returned 1 [0234.304] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0234.304] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0234.304] GetSystemMetrics (nIndex=42) returned 0 [0234.305] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cde0, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0234.305] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cde0) returned 0x27 [0234.305] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cea8 | out: lpRect=0x29cea8) returned 1 [0234.305] GetCurrentObject (hdc=0x13010815, type=0x1) returned 0x1b00017 [0234.305] GetCurrentObject (hdc=0x13010815, type=0x2) returned 0x1900010 [0234.305] GetCurrentObject (hdc=0x13010815, type=0x7) returned 0xa05082d [0234.305] GetCurrentObject (hdc=0x13010815, type=0x6) returned 0x18a002e [0234.305] SaveDC (hdc=0x13010815) returned 2 [0234.305] GetNearestColor (hdc=0x13010815, color=0x0) returned 0x0 [0234.305] CreateSolidBrush (color=0x0) returned 0x6910081f [0234.305] FillRect (hDC=0x13010815, lprc=0x29cb98, hbr=0x6910081f) returned 1 [0234.305] DeleteObject (ho=0x6910081f) returned 1 [0234.305] RestoreDC (hdc=0x13010815, nSavedDC=-1) returned 1 [0234.305] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0234.305] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0234.305] GetSystemMetrics (nIndex=42) returned 0 [0234.305] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0234.305] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0234.305] GetClientRect (in: hWnd=0x501ac, lpRect=0x29cdd8 | out: lpRect=0x29cdd8) returned 1 [0234.305] GetCurrentObject (hdc=0x13010815, type=0x1) returned 0x1b00017 [0234.305] GetCurrentObject (hdc=0x13010815, type=0x2) returned 0x1900010 [0234.305] GetCurrentObject (hdc=0x13010815, type=0x7) returned 0xa05082d [0234.305] GetCurrentObject (hdc=0x13010815, type=0x6) returned 0x18a002e [0234.305] SaveDC (hdc=0x13010815) returned 2 [0234.305] GetNearestColor (hdc=0x13010815, color=0x0) returned 0x0 [0234.305] CreateSolidBrush (color=0x0) returned 0x6a10081f [0234.305] FillRect (hDC=0x13010815, lprc=0x29cac8, hbr=0x6a10081f) returned 1 [0234.306] DeleteObject (ho=0x6a10081f) returned 1 [0234.306] RestoreDC (hdc=0x13010815, nSavedDC=-1) returned 1 [0234.306] GetWindowTextLengthW (hWnd=0x501ac) returned 39 [0234.306] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x27 [0234.306] GetSystemMetrics (nIndex=42) returned 0 [0234.306] GetWindowTextW (in: hWnd=0x501ac, lpString=0x29cd10, nMaxCount=40 | out: lpString="BlackHat - Your Personal Files Crypted.") returned 39 [0234.306] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0xd, wParam=0x28, lParam=0x29cd10) returned 0x27 [0234.306] RestoreDC (hdc=0x13010815, nSavedDC=-1) returned 1 [0234.306] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x13010815) returned 0x0 [0234.306] IsAppThemed () returned 0x1 [0234.306] GetThemeAppProperties () returned 0x3 [0234.306] GetThemeAppProperties () returned 0x3 [0234.306] IsAppThemed () returned 0x1 [0234.306] GetThemeAppProperties () returned 0x3 [0234.306] GetThemeAppProperties () returned 0x3 [0234.306] IsThemePartDefined () returned 0x1 [0234.306] GdipCreateRegion (region=0x29d4c0) returned 0x0 [0234.306] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0234.306] GdipCreateMatrix (matrix=0x29d4c0) returned 0x0 [0234.306] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdf80) returned 0x0 [0234.306] GdipIsMatrixIdentity (matrix=0x1bcbdf80, result=0x29d528) returned 0x0 [0234.306] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0234.306] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0234.306] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0234.306] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0234.306] GdipGetMatrixElements (matrix=0x1bcbdf80, matrixOut=0x1a99c7c0) returned 0x0 [0234.306] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0234.306] GdipDeleteMatrix (matrix=0x1bcbdf80) returned 0x0 [0234.306] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d590) returned 0x0 [0234.306] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d550) returned 0x0 [0234.306] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d550) returned 0x0 [0234.306] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0234.307] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d598) returned 0x0 [0234.307] GetCurrentObject (hdc=0x13010815, type=0x1) returned 0x1b00017 [0234.307] GetCurrentObject (hdc=0x13010815, type=0x2) returned 0x1900010 [0234.307] GetCurrentObject (hdc=0x13010815, type=0x7) returned 0xa05082d [0234.307] GetCurrentObject (hdc=0x13010815, type=0x6) returned 0x18a002e [0234.307] SaveDC (hdc=0x13010815) returned 1 [0234.307] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xffffffffe8040228 [0234.307] GetClipRgn (hdc=0x13010815, hrgn=0xffffffffe8040228) returned 0 [0234.307] SelectClipRgn (hdc=0x13010815, hrgn=0x4004083a) returned 2 [0234.307] DeleteObject (ho=0xffffffffe8040228) returned 1 [0234.307] DeleteObject (ho=0x4004083a) returned 1 [0234.307] OffsetViewportOrgEx (in: hdc=0x13010815, x=0, y=0, lppt=0x22dbdf8 | out: lppt=0x22dbdf8) returned 1 [0234.307] IsAppThemed () returned 0x1 [0234.307] GetThemeAppProperties () returned 0x3 [0234.307] GetThemeAppProperties () returned 0x3 [0234.307] DrawThemeBackground () returned 0x0 [0234.307] RestoreDC (hdc=0x13010815, nSavedDC=-1) returned 1 [0234.307] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x13010815) returned 0x0 [0234.307] GdipCreateRegion (region=0x29d4b0) returned 0x0 [0234.307] GdipGetClip (graphics=0x1c34abe0, region=0x1bcbdc10) returned 0x0 [0234.307] GdipCreateMatrix (matrix=0x29d4b0) returned 0x0 [0234.307] GdipGetWorldTransform (graphics=0x1c34abe0, matrix=0x1bcbdfc0) returned 0x0 [0234.307] GdipIsMatrixIdentity (matrix=0x1bcbdfc0, result=0x29d518) returned 0x0 [0234.307] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0234.307] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0234.307] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0234.307] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1a99c7c0 [0234.307] GdipGetMatrixElements (matrix=0x1bcbdfc0, matrixOut=0x1a99c7c0) returned 0x0 [0234.307] LocalFree (hMem=0x1a99c7c0) returned 0x0 [0234.307] GdipDeleteMatrix (matrix=0x1bcbdfc0) returned 0x0 [0234.307] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d580) returned 0x0 [0234.307] GdipIsInfiniteRegion (region=0x1bcbdc10, graphics=0x1c34abe0, result=0x29d540) returned 0x0 [0234.307] GdipGetRegionHRgn (region=0x1bcbdc10, graphics=0x1c34abe0, hRgn=0x29d540) returned 0x0 [0234.308] GdipDeleteRegion (region=0x1bcbdc10) returned 0x0 [0234.308] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d588) returned 0x0 [0234.308] GetCurrentObject (hdc=0x13010815, type=0x1) returned 0x1b00017 [0234.308] GetCurrentObject (hdc=0x13010815, type=0x2) returned 0x1900010 [0234.308] GetCurrentObject (hdc=0x13010815, type=0x7) returned 0xa05082d [0234.308] GetCurrentObject (hdc=0x13010815, type=0x6) returned 0x18a002e [0234.308] SaveDC (hdc=0x13010815) returned 1 [0234.308] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x4104083a [0234.308] GetClipRgn (hdc=0x13010815, hrgn=0x4104083a) returned 0 [0234.308] SelectClipRgn (hdc=0x13010815, hrgn=0xffffffffe9040228) returned 2 [0234.308] DeleteObject (ho=0x4104083a) returned 1 [0234.308] DeleteObject (ho=0xffffffffe9040228) returned 1 [0234.308] OffsetViewportOrgEx (in: hdc=0x13010815, x=0, y=0, lppt=0x22dc2d0 | out: lppt=0x22dc2d0) returned 1 [0234.308] IsAppThemed () returned 0x1 [0234.308] GetThemeAppProperties () returned 0x3 [0234.308] GetThemeAppProperties () returned 0x3 [0234.308] GetThemeBackgroundContentRect () returned 0x0 [0234.308] RestoreDC (hdc=0x13010815, nSavedDC=-1) returned 1 [0234.308] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x13010815) returned 0x0 [0234.308] IsAppThemed () returned 0x1 [0234.308] GetThemeAppProperties () returned 0x3 [0234.308] GetThemeAppProperties () returned 0x3 [0234.308] GdipGetTextRenderingHint (graphics=0x1c34abe0, mode=0x29d768) returned 0x0 [0234.308] GdipGetDC (graphics=0x1c34abe0, hdc=0x29d748) returned 0x0 [0234.308] GetCurrentObject (hdc=0x13010815, type=0x1) returned 0x1b00017 [0234.308] GetCurrentObject (hdc=0x13010815, type=0x2) returned 0x1900010 [0234.308] GetCurrentObject (hdc=0x13010815, type=0x7) returned 0xa05082d [0234.308] GetCurrentObject (hdc=0x13010815, type=0x6) returned 0x18a002e [0234.308] SaveDC (hdc=0x13010815) returned 1 [0234.308] GetTextAlign (hdc=0x13010815) returned 0x0 [0234.308] GetTextColor (hdc=0x13010815) returned 0x0 [0234.308] SetTextColor (hdc=0x13010815, color=0x8b) returned 0x0 [0234.308] GetCurrentObject (hdc=0x13010815, type=0x6) returned 0x18a002e [0234.309] GetObjectW (in: h=0x18a002e, c=92, pv=0x29d280 | out: pv=0x29d280) returned 92 [0234.309] SelectObject (hdc=0x13010815, h=0x90a0819) returned 0x18a002e [0234.309] GetBkMode (hdc=0x13010815) returned 2 [0234.309] SetBkMode (hdc=0x13010815, mode=1) returned 2 [0234.309] DrawTextExW (in: hdc=0x13010815, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d4c0, format=0x102415, lpdtp=0x22dc958 | out: lpchText="Сopy to clipboard", lprc=0x29d4c0) returned 13 [0234.309] DrawTextExW (in: hdc=0x13010815, lpchText="Сopy to clipboard", cchText=17, lprc=0x29d6d8, format=0x102015, lpdtp=0x22dc958 | out: lpchText="Сopy to clipboard", lprc=0x29d6d8) returned 13 [0234.309] RestoreDC (hdc=0x13010815, nSavedDC=-1) returned 1 [0234.309] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x13010815) returned 0x0 [0234.309] GetFocus () returned 0x201ba [0234.309] IsAppThemed () returned 0x1 [0234.309] GetThemeAppProperties () returned 0x3 [0234.309] GetThemeAppProperties () returned 0x3 [0234.309] GdipGetDC (graphics=0x1c34abe0, hdc=0x29da58) returned 0x0 [0234.309] BitBlt (hdc=0x7010804, x=0, y=0, cx=196, cy=49, hdcSrc=0x13010815, x1=0, y1=0, rop=0xcc0020) returned 1 [0234.309] GdipReleaseDC (graphics=0x1c34abe0, hdc=0x13010815) returned 0x0 [0234.309] SelectPalette (hdc=0x7010804, hPal=0x188000b, bForceBkgd=0) returned 0x1908082e [0234.309] SelectObject (hdc=0x13010815, h=0x185000f) returned 0xa05082d [0234.309] DeleteDC (hdc=0x13010815) returned 1 [0234.309] GdipDeleteGraphics (graphics=0x1c34abe0) returned 0x0 [0234.310] EndPaint (hWnd=0x201ba, lpPaint=0x29da38) returned 1 [0234.310] MapWindowPoints (in: hWndFrom=0x201ba, hWndTo=0x0, lpPoints=0x22dcac0, cPoints=0x1 | out: lpPoints=0x22dcac0) returned 22938228 [0234.310] WindowFromPoint (Point=0x173000002e4) returned 0x201ba [0234.310] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.310] NotifyWinEvent (event=0x800a, hwnd=0x201ba, idObject=-4, idChild=0) [0234.310] NotifyWinEvent (event=0x800c, hwnd=0x201ba, idObject=-4, idChild=0) [0234.310] GetWindowTextLengthW (hWnd=0x201bc) returned 344 [0234.310] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x158 [0234.310] GetSystemMetrics (nIndex=42) returned 0 [0234.310] CoTaskMemAlloc (cb=0x2b6) returned 0x1a978aa0 [0234.310] GetWindowTextW (in: hWnd=0x201bc, lpString=0x1a978aa0, nMaxCount=345 | out: lpString="rYs12kyNJVUfzUiydKuSiGaCT+WP/w21V+fwmbUaRnKA3V8fIryOinY9WeVpyKTRwJqBZAI+LktDeWGvlMFV8IfLg/WG25qF2VoaciiZ0DCD+veGCKX3Bje/51mGr1SEbdqAxcHZLO/PHgp7aoD1w/KYBz39TFr9i9AboDnJraA0qDTT2k3ZWxcYD6VvtgFFn1JjlJgD7PUigjnX2jZYehzP4W0LHhIm8A3D+pEu760LFGK6Ybm5gHhqqz0j8HhVuueS55MSeQeZpCa/IvCFp51NNlQtWaCuEF2KnWiarLwCWNRUS1geBhEksbDA0a9WKuchZxec9pjKXREH0B6PpA==") returned 344 [0234.310] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xd, wParam=0x159, lParam=0x1a978aa0) returned 0x158 [0234.310] CoTaskMemFree (pv=0x1a978aa0) [0234.330] OleSetClipboard (pDataObj=0x2dea28) returned 0x0 [0234.331] OleFlushClipboard () returned 0x0 [0234.332] GlobalReAlloc (hMem=0x1bee00e8, dwBytes=0x2b2, uFlags=0x2042) returned 0x1bee00e8 [0234.332] GlobalLock (hMem=0x1bee00e8) returned 0x1a99d6a0 [0234.332] RtlMoveMemory (in: Destination=0x1a99d6a0, Source=0x22dd9a8, Length=0x2b0 | out: Destination=0x1a99d6a0) [0234.332] GlobalUnlock (hMem=0x1bee00e8) returned 0 [0234.332] GetCapture () returned 0x201ba [0234.332] ReleaseCapture () returned 1 [0234.332] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0234.332] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.332] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.332] IsWindowUnicode (hWnd=0x201ba) returned 1 [0234.332] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.332] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.333] SetCursor (hCursor=0x10003) returned 0x10003 [0234.333] TranslateMessage (lpMsg=0x29ea50) returned 0 [0234.333] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0234.333] GetKeyState (nVirtKey=1) returned 1 [0234.333] GetKeyState (nVirtKey=2) returned 0 [0234.333] GetKeyState (nVirtKey=4) returned 0 [0234.333] GetKeyState (nVirtKey=5) returned 0 [0234.333] GetKeyState (nVirtKey=6) returned 0 [0234.333] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0234.333] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0234.333] WaitMessage () returned 1 [0234.389] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.389] IsWindowUnicode (hWnd=0x201e2) returned 1 [0234.389] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.389] TranslateMessage (lpMsg=0x29ea50) returned 0 [0234.389] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0234.389] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0234.389] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0234.389] WaitMessage () returned 1 [0234.474] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.474] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.475] IsWindowUnicode (hWnd=0x201ba) returned 1 [0234.475] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.475] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.475] SetCursor (hCursor=0x10003) returned 0x10003 [0234.475] TranslateMessage (lpMsg=0x29ea50) returned 0 [0234.475] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0234.475] GetKeyState (nVirtKey=1) returned 1 [0234.475] GetKeyState (nVirtKey=2) returned 0 [0234.475] GetKeyState (nVirtKey=4) returned 0 [0234.475] GetKeyState (nVirtKey=5) returned 0 [0234.475] GetKeyState (nVirtKey=6) returned 0 [0234.475] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0234.475] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0234.475] WaitMessage () returned 1 [0234.494] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.494] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.494] IsWindowUnicode (hWnd=0x201ba) returned 1 [0234.494] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.494] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.494] SetCursor (hCursor=0x10003) returned 0x10003 [0234.494] TranslateMessage (lpMsg=0x29ea50) returned 0 [0234.494] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0234.495] GetKeyState (nVirtKey=1) returned 1 [0234.495] GetKeyState (nVirtKey=2) returned 0 [0234.495] GetKeyState (nVirtKey=4) returned 0 [0234.495] GetKeyState (nVirtKey=5) returned 0 [0234.495] GetKeyState (nVirtKey=6) returned 0 [0234.495] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0234.495] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0234.495] WaitMessage () returned 1 [0234.514] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.514] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.515] IsWindowUnicode (hWnd=0x201ba) returned 1 [0234.515] GetMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x29ea50) returned 1 [0234.515] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x84, wParam=0x0, lParam=0x17302e4) returned 0x1 [0234.515] SetCursor (hCursor=0x10003) returned 0x10003 [0234.515] TranslateMessage (lpMsg=0x29ea50) returned 0 [0234.515] DispatchMessageW (lpMsg=0x29ea50) returned 0x0 [0234.515] GetKeyState (nVirtKey=1) returned 1 [0234.515] GetKeyState (nVirtKey=2) returned 0 [0234.515] GetKeyState (nVirtKey=4) returned 0 [0234.515] GetKeyState (nVirtKey=5) returned 0 [0234.515] GetKeyState (nVirtKey=6) returned 0 [0234.515] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0234.515] PeekMessageW (in: lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x29ea50) returned 0 [0234.515] WaitMessage () returned 1 [0234.525] PeekMessageW (lpMsg=0x29ea50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0) [0234.525] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x3b, wParam=0x50e, lParam=0x0) returned 0x1 [0234.663] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1 [0234.902] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x86, wParam=0x0, lParam=0x301b0) returned 0x1 [0234.902] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0234.902] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0234.902] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0234.903] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x46, wParam=0x0, lParam=0x29e890) returned 0x0 [0234.903] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x46, wParam=0x0, lParam=0x29e890) returned 0x0 [0234.904] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29e468 | out: lpwndpl=0x29e468) returned 1 [0234.904] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x47, wParam=0x0, lParam=0x29e890) returned 0x0 [0234.904] GetClientRect (in: hWnd=0x501ac, lpRect=0x29e300 | out: lpRect=0x29e300) returned 1 [0234.904] GetWindowRect (in: hWnd=0x501ac, lpRect=0x29e300 | out: lpRect=0x29e300) returned 1 [0234.904] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0234.904] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0234.905] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0234.905] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x47, wParam=0x0, lParam=0x29e890) returned 0x0 [0234.905] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0xd, wParam=0x104, lParam=0x1ae05720) returned 0x0 [0234.905] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x86, wParam=0x1, lParam=0x501ac) returned 0x1 [0234.905] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0xd, wParam=0x104, lParam=0x1ae05720) returned 0x0 [0234.905] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0xd, wParam=0x104, lParam=0x1ae05720) returned 0x0 [0234.905] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x6, wParam=0x1, lParam=0x501ac) returned 0x0 [0234.906] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x8, wParam=0x301b0, lParam=0x0) returned 0x0 [0234.906] GetCapture () returned 0x0 [0234.906] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0234.906] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0 [0234.906] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0234.906] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0234.906] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x282, wParam=0x1, lParam=0x0) returned 0x0 [0234.906] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0234.906] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x7, wParam=0x201ba, lParam=0x0) returned 0x0 [0234.906] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x3b, wParam=0x50c, lParam=0x0) [0234.917] GetWindowLongPtrW (hWnd=0x501ac, nIndex=-20) returned 0x10101 [0234.917] DestroyWindow (hWnd=0x501ac) [0234.917] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0234.918] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x46, wParam=0x0, lParam=0x29d920) returned 0x0 [0234.927] GetWindowPlacement (in: hWnd=0x501ac, lpwndpl=0x29d4f8 | out: lpwndpl=0x29d4f8) returned 1 [0234.927] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x47, wParam=0x0, lParam=0x29d920) returned 0x0 [0234.927] GetClientRect (in: hWnd=0x501ac, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0234.927] GetWindowRect (in: hWnd=0x501ac, lpRect=0x29d390 | out: lpRect=0x29d390) returned 1 [0235.113] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0235.113] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0235.113] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0235.113] SendMessageW (hWnd=0x301b4, Msg=0xb8, wParam=0x0, lParam=0x0) returned 0x0 [0235.113] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0xb8, wParam=0x0, lParam=0x0) returned 0x0 [0235.113] SendMessageW (hWnd=0x301b4, Msg=0xb0, wParam=0x220abc4, lParam=0x29d3a0) returned 0x0 [0235.113] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0xb0, wParam=0x220abc4, lParam=0x29d3a0) returned 0x0 [0235.114] DeleteObject (ho=0x25100259) returned 1 [0235.114] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x1 [0235.114] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0235.114] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0235.114] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0235.114] InvalidateRect (hWnd=0x201ba, lpRect=0x0, bErase=0) returned 1 [0235.114] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0235.114] SendMessageW (hWnd=0x201bc, Msg=0xb8, wParam=0x0, lParam=0x0) returned 0x0 [0235.114] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xb8, wParam=0x0, lParam=0x0) returned 0x0 [0235.114] SendMessageW (hWnd=0x201bc, Msg=0xb0, wParam=0x22099b4, lParam=0x29d3a0) returned 0x1580000 [0235.114] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0xb0, wParam=0x22099b4, lParam=0x29d3a0) returned 0x1580000 [0235.114] DeleteObject (ho=0x1d100260) returned 1 [0235.114] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x1 [0235.114] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0235.114] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301b2, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0235.117] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x301ae, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0235.119] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x301b4, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0235.120] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201b8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0235.120] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x201e8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0235.121] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x201e6, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0235.122] CallWindowProcW (lpPrevWndFunc=0x7fefc193b20, hWnd=0x201ba, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0235.123] CallWindowProcW (lpPrevWndFunc=0x7fefc19975c, hWnd=0x201bc, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0235.124] CallWindowProcW (lpPrevWndFunc=0x7fefc1961b4, hWnd=0x401da, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0235.124] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x501ac, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0235.124] DestroyWindow (hWnd=0x301b0) [0235.125] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0235.125] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0235.125] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0xd, wParam=0x104, lParam=0x1ae05330) returned 0x0 [0235.125] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0xd, wParam=0x104, lParam=0x1ae055d0) returned 0x0 [0235.125] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x6, wParam=0x0, lParam=0x0) returned 0x0 [0235.125] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x1c, wParam=0x0, lParam=0x328) returned 0x0 [0235.125] NtdllDefWindowProc_W (hWnd=0x40128, Msg=0x1c, wParam=0x0, lParam=0x328) returned 0x0 [0235.126] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x8, wParam=0x0, lParam=0x0) returned 0x0 [0235.126] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0 [0235.126] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x282, wParam=0x1, lParam=0x0) returned 0x0 [0235.126] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0235.126] CallWindowProcW (lpPrevWndFunc=0x7769b0ac, hWnd=0x301b0, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 Thread: id = 2 os_tid = 0x9ec Thread: id = 3 os_tid = 0x9f0 [0097.822] CoGetContextToken (in: pToken=0x1a78f5c0 | out: pToken=0x1a78f5c0) returned 0x800401f0 [0097.822] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 4 os_tid = 0x9f4 Thread: id = 5 os_tid = 0xa08 [0177.028] CoGetContextToken (in: pToken=0x1b27f860 | out: pToken=0x1b27f860) returned 0x0 [0177.028] CObjectContext::QueryInterface () returned 0x0 [0177.028] CObjectContext::GetCurrentThreadType () returned 0x0 [0177.028] Release () returned 0x0 Thread: id = 6 os_tid = 0xa0c [0101.393] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0101.451] SleepEx (dwMilliseconds=0x1f4, bAlertable=1) returned 0x0 [0101.963] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0102.974] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0103.988] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0106.577] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0107.623] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0108.764] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0109.792] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0110.805] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0111.823] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0112.838] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0113.847] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0114.861] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0115.888] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0116.889] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0117.906] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0118.917] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0119.932] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0120.945] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0121.959] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0123.025] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0124.050] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0125.081] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0126.093] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0127.109] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0129.728] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0130.743] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0131.787] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0132.848] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0133.862] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0134.876] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0135.892] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0136.904] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0137.918] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0138.964] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0139.980] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0140.992] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0142.039] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0143.083] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0144.099] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0145.188] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0146.231] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0147.233] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0148.249] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0149.322] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0150.375] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0151.428] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0152.473] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0153.518] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0154.532] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0155.811] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0159.241] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0160.273] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0161.318] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0162.364] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0163.377] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0164.391] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0165.405] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0166.731] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0167.745] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0168.824] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0169.930] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0170.943] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0171.957] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0172.971] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0173.986] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0175.004] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0177.030] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0178.541] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0179.556] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0180.569] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0181.742] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0183.048] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0184.513] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0186.212] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0187.216] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0188.274] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0189.383] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0190.397] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0191.660] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0192.996] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0194.000] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0195.051] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0196.059] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0197.775] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0198.774] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0199.788] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0200.833] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0201.972] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0202.970] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0203.984] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0205.073] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0206.075] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0207.089] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0208.103] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0209.191] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0210.253] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0211.254] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0212.268] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0213.287] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0214.296] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0215.310] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0216.324] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0217.338] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0218.352] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0219.366] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0220.380] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0221.394] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0222.408] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0223.422] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0224.436] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0225.450] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0226.464] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0227.480] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0228.492] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0229.506] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0230.520] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0231.534] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0232.548] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0233.562] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0234.575] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) Thread: id = 7 os_tid = 0xa10 [0101.446] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0101.517] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0102.522] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0103.536] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0106.125] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0107.154] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0108.216] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0109.232] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0110.244] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0111.264] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0112.272] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0113.298] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0114.331] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0115.345] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0116.359] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0117.378] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0118.387] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0119.406] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0120.418] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0121.431] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0122.458] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0123.550] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0124.627] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0125.641] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0126.697] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0128.776] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0130.290] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0131.304] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0132.353] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0133.363] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0134.471] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0135.501] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0136.514] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0137.528] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0138.561] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0139.572] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0140.586] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0141.636] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0142.645] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0143.674] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0144.720] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0145.785] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0146.814] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0147.825] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0148.842] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0149.899] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0150.959] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0151.973] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0153.019] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0154.033] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0155.047] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0157.477] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0159.758] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0160.813] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0161.866] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0162.895] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0163.908] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0164.922] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0166.247] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0167.262] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0168.276] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0169.290] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0170.381] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0171.432] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0172.441] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0173.492] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0174.500] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0175.551] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0177.030] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0178.751] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0180.458] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0181.660] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0183.048] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0184.513] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0186.212] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0187.216] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0188.274] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0189.383] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0190.397] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0191.660] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0192.996] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0194.000] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0195.051] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0196.059] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0197.775] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0198.774] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0199.788] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0200.833] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0201.972] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0202.970] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0203.984] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0205.073] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0206.075] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0207.089] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0208.103] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0209.191] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0210.253] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0211.254] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0212.268] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0213.287] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0214.295] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0215.309] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0216.324] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0217.338] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0218.351] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0219.366] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0220.380] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0221.394] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0222.407] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0223.422] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0224.436] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0225.450] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0226.464] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0227.479] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0228.492] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0229.505] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0230.519] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0231.534] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0232.548] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0233.562] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0234.576] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) Thread: id = 8 os_tid = 0x0 Thread: id = 9 os_tid = 0xa40 Thread: id = 10 os_tid = 0xa44 Thread: id = 31 os_tid = 0xb28 Thread: id = 32 os_tid = 0xb6c Thread: id = 35 os_tid = 0xbf8 Process: id = "2" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x338b3000" os_pid = "0xaa4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9dc" cmd_line = "\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ea88" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 243 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 244 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 245 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 246 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 247 start_va = 0x4abc0000 end_va = 0x4ac18fff entry_point = 0x4abc0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 248 start_va = 0x77670000 end_va = 0x77818fff entry_point = 0x77670000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 249 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 250 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 251 start_va = 0x7feff990000 end_va = 0x7feff990fff entry_point = 0x7feff990000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 252 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 253 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 254 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 255 start_va = 0x260000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 256 start_va = 0x77550000 end_va = 0x7766efff entry_point = 0x77550000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 257 start_va = 0x7fefd920000 end_va = 0x7fefd98afff entry_point = 0x7fefd920000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 258 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 259 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 260 start_va = 0x50000 end_va = 0x56fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 261 start_va = 0x60000 end_va = 0x61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 262 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 263 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 264 start_va = 0x190000 end_va = 0x1f6fff entry_point = 0x190000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 265 start_va = 0x360000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 266 start_va = 0x4c0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 267 start_va = 0x4d0000 end_va = 0x657fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 268 start_va = 0x660000 end_va = 0x7e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 269 start_va = 0x7f0000 end_va = 0x1beffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 270 start_va = 0x1bf0000 end_va = 0x1f32fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001bf0000" filename = "" Region: id = 271 start_va = 0x77450000 end_va = 0x77549fff entry_point = 0x77450000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 272 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 273 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 274 start_va = 0x7fef8f40000 end_va = 0x7fef8f47fff entry_point = 0x7fef8f40000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 275 start_va = 0x7fefdb10000 end_va = 0x7fefdbaefff entry_point = 0x7fefdb10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 276 start_va = 0x7fefdc90000 end_va = 0x7fefdcf6fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 277 start_va = 0x7fefdd00000 end_va = 0x7fefddc8fff entry_point = 0x7fefdd00000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 278 start_va = 0x7fefe0a0000 end_va = 0x7fefe1a8fff entry_point = 0x7fefe0a0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 279 start_va = 0x7fefe350000 end_va = 0x7fefe35dfff entry_point = 0x7fefe350000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 280 start_va = 0x7feff950000 end_va = 0x7feff97dfff entry_point = 0x7feff950000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 281 start_va = 0x1f40000 end_va = 0x220efff entry_point = 0x1f40000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 11 os_tid = 0xaa8 [0155.742] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f8f0 | out: lpSystemTimeAsFileTime=0x18f8f0*(dwLowDateTime=0xac7ceef0, dwHighDateTime=0x1d486f4)) [0155.742] GetCurrentProcessId () returned 0xaa4 [0155.742] GetCurrentThreadId () returned 0xaa8 [0155.742] GetTickCount () returned 0x31e49 [0155.742] QueryPerformanceCounter (in: lpPerformanceCount=0x18f8f8 | out: lpPerformanceCount=0x18f8f8*=1821720200000) returned 1 [0155.743] GetModuleHandleW (lpModuleName=0x0) returned 0x4abc0000 [0155.743] __set_app_type (_Type=0x1) [0155.743] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4abe7810) returned 0x0 [0155.743] __getmainargs (in: _Argc=0x4ac0a608, _Argv=0x4ac0a618, _Env=0x4ac0a610, _DoWildCard=0, _StartInfo=0x4abee0f4 | out: _Argc=0x4ac0a608, _Argv=0x4ac0a618, _Env=0x4ac0a610) returned 0 [0155.743] GetCurrentThreadId () returned 0xaa8 [0155.743] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xaa8) returned 0x3c [0155.743] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77550000 [0155.743] GetProcAddress (hModule=0x77550000, lpProcName="SetThreadUILanguage") returned 0x77566d40 [0155.743] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0155.743] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0155.743] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18f888 | out: phkResult=0x18f888*=0x0) returned 0x2 [0155.743] VirtualQuery (in: lpAddress=0x18f870, lpBuffer=0x18f7f0, dwLength=0x30 | out: lpBuffer=0x18f7f0*(BaseAddress=0x18f000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0155.744] VirtualQuery (in: lpAddress=0x90000, lpBuffer=0x18f7f0, dwLength=0x30 | out: lpBuffer=0x18f7f0*(BaseAddress=0x90000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0155.744] VirtualQuery (in: lpAddress=0x91000, lpBuffer=0x18f7f0, dwLength=0x30 | out: lpBuffer=0x18f7f0*(BaseAddress=0x91000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0155.744] VirtualQuery (in: lpAddress=0x94000, lpBuffer=0x18f7f0, dwLength=0x30 | out: lpBuffer=0x18f7f0*(BaseAddress=0x94000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0155.744] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x18f7f0, dwLength=0x30 | out: lpBuffer=0x18f7f0*(BaseAddress=0x190000, AllocationBase=0x190000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30 [0155.744] GetConsoleOutputCP () returned 0x1b5 [0155.744] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4abfbfe0 | out: lpCPInfo=0x4abfbfe0) returned 1 [0155.744] SetConsoleCtrlHandler (HandlerRoutine=0x4abe3184, Add=1) returned 1 [0155.744] _get_osfhandle (_FileHandle=1) returned 0x268 [0155.744] SetConsoleMode (hConsoleHandle=0x268, dwMode=0x0) returned 0 [0155.744] _get_osfhandle (_FileHandle=1) returned 0x268 [0155.744] GetConsoleMode (in: hConsoleHandle=0x268, lpMode=0x4abee194 | out: lpMode=0x4abee194) returned 0 [0155.744] _get_osfhandle (_FileHandle=0) returned 0xfffffffffffffffe [0155.744] GetConsoleMode (in: hConsoleHandle=0xfffffffffffffffe, lpMode=0x4abee198 | out: lpMode=0x4abee198) returned 1 [0155.773] _get_osfhandle (_FileHandle=0) returned 0xfffffffffffffffe [0155.773] SetConsoleMode (hConsoleHandle=0xfffffffffffffffe, dwMode=0x7) returned 0 [0155.773] GetEnvironmentStringsW () returned 0x278a60* [0155.773] FreeEnvironmentStringsW (penv=0x278a60) returned 1 [0155.773] GetEnvironmentStringsW () returned 0x278a60* [0155.774] FreeEnvironmentStringsW (penv=0x278a60) returned 1 [0155.774] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18e748 | out: phkResult=0x18e748*=0x44) returned 0x0 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x0, lpData=0x18e760*=0x18, lpcbData=0x18e744*=0x1000) returned 0x2 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x4, lpData=0x18e760*=0x1, lpcbData=0x18e744*=0x4) returned 0x0 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x0, lpData=0x18e760*=0x1, lpcbData=0x18e744*=0x1000) returned 0x2 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x4, lpData=0x18e760*=0x0, lpcbData=0x18e744*=0x4) returned 0x0 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x4, lpData=0x18e760*=0x40, lpcbData=0x18e744*=0x4) returned 0x0 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x4, lpData=0x18e760*=0x40, lpcbData=0x18e744*=0x4) returned 0x0 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x0, lpData=0x18e760*=0x40, lpcbData=0x18e744*=0x1000) returned 0x2 [0155.774] RegCloseKey (hKey=0x44) returned 0x0 [0155.774] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18e748 | out: phkResult=0x18e748*=0x44) returned 0x0 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x0, lpData=0x18e760*=0x40, lpcbData=0x18e744*=0x1000) returned 0x2 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x4, lpData=0x18e760*=0x1, lpcbData=0x18e744*=0x4) returned 0x0 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x0, lpData=0x18e760*=0x1, lpcbData=0x18e744*=0x1000) returned 0x2 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x4, lpData=0x18e760*=0x0, lpcbData=0x18e744*=0x4) returned 0x0 [0155.774] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x4, lpData=0x18e760*=0x9, lpcbData=0x18e744*=0x4) returned 0x0 [0155.775] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x4, lpData=0x18e760*=0x9, lpcbData=0x18e744*=0x4) returned 0x0 [0155.775] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18e740, lpData=0x18e760, lpcbData=0x18e744*=0x1000 | out: lpType=0x18e740*=0x0, lpData=0x18e760*=0x9, lpcbData=0x18e744*=0x1000) returned 0x2 [0155.775] RegCloseKey (hKey=0x44) returned 0x0 [0155.775] time (in: timer=0x0 | out: timer=0x0) returned 0x5bfe523c [0155.775] srand (_Seed=0x5bfe523c) [0155.775] GetCommandLineW () returned="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet" [0155.775] GetCommandLineW () returned="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet" [0155.775] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4abfc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0155.775] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x27aa20, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0155.775] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4abef360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0155.776] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4abef360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0155.776] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4abef360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0155.776] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0155.776] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0155.776] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0155.776] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0155.776] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0155.776] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0155.776] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0155.776] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0155.776] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0155.776] GetEnvironmentStringsW () returned 0x278a60* [0155.776] FreeEnvironmentStringsW (penv=0x278a60) returned 1 [0155.776] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4abef360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0155.776] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4abef360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0155.776] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0155.776] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0155.776] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0155.776] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0155.776] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0155.777] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0155.777] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0155.777] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0155.777] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x18f550 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0155.777] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x18f550, lpFilePart=0x18f530 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18f530*="Desktop") returned 0x25 [0155.777] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0155.777] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x18f260 | out: lpFindFileData=0x18f260) returned 0x261390 [0155.777] FindClose (in: hFindFile=0x261390 | out: hFindFile=0x261390) returned 1 [0155.777] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x18f260 | out: lpFindFileData=0x18f260) returned 0x261390 [0155.777] FindClose (in: hFindFile=0x261390 | out: hFindFile=0x261390) returned 1 [0155.777] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0155.777] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x18f260 | out: lpFindFileData=0x18f260) returned 0x261390 [0155.778] FindClose (in: hFindFile=0x261390 | out: hFindFile=0x261390) returned 1 [0155.778] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0155.778] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0155.778] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0155.778] GetEnvironmentStringsW () returned 0x278a60* [0155.778] FreeEnvironmentStringsW (penv=0x278a60) returned 1 [0155.778] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4abfc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0155.779] GetConsoleOutputCP () returned 0x1b5 [0155.779] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4abfbfe0 | out: lpCPInfo=0x4abfbfe0) returned 1 [0155.779] GetUserDefaultLCID () returned 0x409 [0155.779] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4abf7b50, cchData=8 | out: lpLCData=":") returned 2 [0155.779] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x18f660, cchData=128 | out: lpLCData="0") returned 2 [0155.779] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x18f660, cchData=128 | out: lpLCData="0") returned 2 [0155.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x18f660, cchData=128 | out: lpLCData="1") returned 2 [0155.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4ac0a740, cchData=8 | out: lpLCData="/") returned 2 [0155.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4ac0a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0155.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4ac0a460, cchData=32 | out: lpLCData="Tue") returned 4 [0155.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4ac0a420, cchData=32 | out: lpLCData="Wed") returned 4 [0155.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4ac0a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0155.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4ac0a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0155.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4ac0a360, cchData=32 | out: lpLCData="Sat") returned 4 [0155.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4ac0a700, cchData=32 | out: lpLCData="Sun") returned 4 [0155.780] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4abf7b40, cchData=8 | out: lpLCData=".") returned 2 [0155.780] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4ac0a4e0, cchData=8 | out: lpLCData=",") returned 2 [0155.780] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0155.781] GetConsoleTitleW (in: lpConsoleTitle=0x27b800, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0155.782] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77550000 [0155.782] GetProcAddress (hModule=0x77550000, lpProcName="CopyFileExW") returned 0x775623d0 [0155.782] GetProcAddress (hModule=0x77550000, lpProcName="IsDebuggerPresent") returned 0x77558290 [0155.782] GetProcAddress (hModule=0x77550000, lpProcName="SetConsoleInputExeNameW") returned 0x775617e0 [0155.783] _wcsicmp (_String1="vssadmin.exe", _String2=")") returned 77 [0155.783] _wcsicmp (_String1="FOR", _String2="vssadmin.exe") returned -16 [0155.783] _wcsicmp (_String1="FOR/?", _String2="vssadmin.exe") returned -16 [0155.783] _wcsicmp (_String1="IF", _String2="vssadmin.exe") returned -13 [0155.783] _wcsicmp (_String1="IF/?", _String2="vssadmin.exe") returned -13 [0155.783] _wcsicmp (_String1="REM", _String2="vssadmin.exe") returned -4 [0155.783] _wcsicmp (_String1="REM/?", _String2="vssadmin.exe") returned -4 [0155.785] GetConsoleTitleW (in: lpConsoleTitle=0x18f570, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0155.785] GetFileAttributesW (lpFileName="vssadmin.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vssadmin.exe")) returned 0xffffffff [0155.785] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0155.785] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0155.785] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0155.785] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0155.785] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0155.786] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0155.786] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0155.786] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0155.786] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0155.786] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0155.786] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0155.786] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0155.786] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0155.786] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0155.786] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0155.786] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0155.786] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0155.786] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0155.786] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0155.786] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0155.786] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0155.786] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0155.786] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0155.786] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0155.786] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0155.786] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0155.786] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0155.786] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0155.786] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0155.786] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0155.786] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0155.786] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0155.786] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0155.786] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0155.786] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0155.786] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0155.786] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0155.786] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0155.787] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0155.787] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0155.787] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0155.787] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0155.787] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0155.787] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0155.787] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0155.787] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0155.787] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0155.787] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0155.787] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0155.787] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0155.787] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0155.787] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0155.787] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0155.787] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0155.787] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0155.787] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0155.787] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0155.787] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0155.787] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0155.787] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0155.787] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0155.787] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0155.787] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0155.787] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0155.787] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0155.787] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0155.787] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0155.787] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0155.787] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0155.787] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0155.787] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0155.787] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0155.787] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0155.787] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0155.787] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0155.787] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0155.787] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0155.788] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0155.788] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0155.788] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0155.788] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0155.788] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0155.788] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0155.788] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0155.788] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0155.788] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0155.788] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0155.788] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0155.789] SetErrorMode (uMode=0x0) returned 0x0 [0155.789] SetErrorMode (uMode=0x1) returned 0x0 [0155.789] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x261330, lpFilePart=0x18ee00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18ee00*="Desktop") returned 0x25 [0155.789] SetErrorMode (uMode=0x0) returned 0x1 [0155.789] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4abef360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0155.789] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0155.795] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4abef360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0155.797] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0155.797] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x18eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18eb70) returned 0xffffffffffffffff [0155.797] GetLastError () returned 0x2 [0155.797] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe.*", fInfoLevelId=0x1, lpFindFileData=0x18eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18eb70) returned 0xffffffffffffffff [0155.798] GetLastError () returned 0x2 [0155.798] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x18eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18eb70) returned 0xffffffffffffffff [0155.798] GetLastError () returned 0x2 [0155.798] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0155.798] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x18eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18eb70) returned 0x27c0c0 [0155.798] FindClose (in: hFindFile=0x27c0c0 | out: hFindFile=0x27c0c0) returned 1 [0155.798] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0155.798] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0155.798] GetConsoleTitleW (in: lpConsoleTitle=0x18f0c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0155.799] InitializeProcThreadAttributeList (in: lpAttributeList=0x18ee78, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x18ee38 | out: lpAttributeList=0x18ee78, lpSize=0x18ee38) returned 1 [0155.799] UpdateProcThreadAttribute (in: lpAttributeList=0x18ee78, dwFlags=0x0, Attribute=0x60001, lpValue=0x18ee28, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x18ee78, lpPreviousValue=0x0) returned 1 [0155.799] GetStartupInfoW (in: lpStartupInfo=0x18ef90 | out: lpStartupInfo=0x18ef90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x268, hStdError=0x0)) [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0155.799] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0155.800] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0155.800] lstrcmpW (lpString1="\\vssadmin.exe", lpString2="\\XCOPY.EXE") returned -1 [0155.802] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin.exe delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x18eeb0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin.exe delete shadows /all /quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18ee60 | out: lpCommandLine="vssadmin.exe delete shadows /all /quiet", lpProcessInformation=0x18ee60*(hProcess=0x54, hThread=0x50, dwProcessId=0xabc, dwThreadId=0xac0)) returned 1 [0155.932] CloseHandle (hObject=0x50) returned 1 [0155.932] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0155.932] GetEnvironmentStringsW () returned 0x27ac30* [0155.933] FreeEnvironmentStringsW (penv=0x27ac30) returned 1 [0155.933] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0213.119] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x18eda8 | out: lpExitCode=0x18eda8*=0x0) returned 1 [0213.119] CloseHandle (hObject=0x54) returned 1 [0213.119] _vsnwprintf (in: _Buffer=0x18f018, _BufferCount=0x13, _Format="%08X", _ArgList=0x18edb8 | out: _Buffer="00000000") returned 8 [0213.119] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0213.120] GetEnvironmentStringsW () returned 0x27c0c0* [0213.120] FreeEnvironmentStringsW (penv=0x27c0c0) returned 1 [0213.120] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0213.120] GetEnvironmentStringsW () returned 0x27c0c0* [0213.120] FreeEnvironmentStringsW (penv=0x27c0c0) returned 1 [0213.120] DeleteProcThreadAttributeList (in: lpAttributeList=0x18ee78 | out: lpAttributeList=0x18ee78) [0213.120] _get_osfhandle (_FileHandle=1) returned 0x268 [0213.120] SetConsoleMode (hConsoleHandle=0x268, dwMode=0x0) returned 0 [0213.120] _get_osfhandle (_FileHandle=1) returned 0x268 [0213.120] GetConsoleMode (in: hConsoleHandle=0x268, lpMode=0x4abee194 | out: lpMode=0x4abee194) returned 0 [0213.120] _get_osfhandle (_FileHandle=0) returned 0xfffffffffffffffe [0213.120] GetConsoleMode (in: hConsoleHandle=0xfffffffffffffffe, lpMode=0x4abee198 | out: lpMode=0x4abee198) returned 1 [0213.121] _get_osfhandle (_FileHandle=0) returned 0xfffffffffffffffe [0213.121] SetConsoleMode (hConsoleHandle=0xfffffffffffffffe, dwMode=0x7) returned 0 [0213.121] SetConsoleInputExeNameW () returned 0x1 [0213.121] GetConsoleOutputCP () returned 0x1b5 [0213.121] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4abfbfe0 | out: lpCPInfo=0x4abfbfe0) returned 1 [0213.121] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0213.121] exit (_Code=0) Process: id = "3" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x33c6e000" os_pid = "0xabc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xaa4" cmd_line = "vssadmin.exe delete shadows /all /quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ea88" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 282 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 283 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 284 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 285 start_va = 0x1b0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 286 start_va = 0x77670000 end_va = 0x77818fff entry_point = 0x77670000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 287 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 288 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 289 start_va = 0xfff10000 end_va = 0xfff3cfff entry_point = 0xfff10000 region_type = mapped_file name = "vssadmin.exe" filename = "\\Windows\\System32\\vssadmin.exe" (normalized: "c:\\windows\\system32\\vssadmin.exe") Region: id = 290 start_va = 0x7feff990000 end_va = 0x7feff990fff entry_point = 0x7feff990000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 291 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 292 start_va = 0x7fffffd6000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 293 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 294 start_va = 0x390000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 295 start_va = 0x77550000 end_va = 0x7766efff entry_point = 0x77550000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 296 start_va = 0x7fefd920000 end_va = 0x7fefd98afff entry_point = 0x7fefd920000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 297 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 298 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 299 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 300 start_va = 0xc0000 end_va = 0xc6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 301 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 302 start_va = 0xe0000 end_va = 0xecfff entry_point = 0xe0000 region_type = mapped_file name = "vssadmin.exe.mui" filename = "\\Windows\\System32\\en-US\\vssadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\vssadmin.exe.mui") Region: id = 303 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 304 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 305 start_va = 0x230000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 306 start_va = 0x340000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 307 start_va = 0x490000 end_va = 0x617fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 308 start_va = 0x620000 end_va = 0x7a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 309 start_va = 0x7b0000 end_va = 0x1baffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 310 start_va = 0x77450000 end_va = 0x77549fff entry_point = 0x77450000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 311 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 312 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 313 start_va = 0x7fef79b0000 end_va = 0x7fef79c6fff entry_point = 0x7fef79b0000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 314 start_va = 0x7fef79d0000 end_va = 0x7fef7b7ffff entry_point = 0x7fef79d0000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 315 start_va = 0x7fefb070000 end_va = 0x7fefb088fff entry_point = 0x7fefb070000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 316 start_va = 0x7fefdb10000 end_va = 0x7fefdbaefff entry_point = 0x7fefdb10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 317 start_va = 0x7fefdbb0000 end_va = 0x7fefdc86fff entry_point = 0x7fefdbb0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 318 start_va = 0x7fefdc90000 end_va = 0x7fefdcf6fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 319 start_va = 0x7fefdd00000 end_va = 0x7fefddc8fff entry_point = 0x7fefdd00000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 320 start_va = 0x7fefddf0000 end_va = 0x7fefdff2fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 321 start_va = 0x7fefe0a0000 end_va = 0x7fefe1a8fff entry_point = 0x7fefe0a0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 322 start_va = 0x7fefe330000 end_va = 0x7fefe34efff entry_point = 0x7fefe330000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 323 start_va = 0x7fefe350000 end_va = 0x7fefe35dfff entry_point = 0x7fefe350000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 324 start_va = 0x7feff740000 end_va = 0x7feff81afff entry_point = 0x7feff740000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 325 start_va = 0x7feff820000 end_va = 0x7feff94cfff entry_point = 0x7feff820000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 326 start_va = 0x7feff950000 end_va = 0x7feff97dfff entry_point = 0x7feff950000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 327 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 328 start_va = 0x1d00000 end_va = 0x1d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 329 start_va = 0x7fefd4b0000 end_va = 0x7fefd4befff entry_point = 0x7fefd4b0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 330 start_va = 0x7fefe000000 end_va = 0x7fefe098fff entry_point = 0x7fefe000000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 331 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 332 start_va = 0x120000 end_va = 0x120fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 333 start_va = 0x1c60000 end_va = 0x1cdffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 334 start_va = 0x1d80000 end_va = 0x204efff entry_point = 0x1d80000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 335 start_va = 0x7fefcbb0000 end_va = 0x7fefcbf6fff entry_point = 0x7fefcbb0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 336 start_va = 0x7fefceb0000 end_va = 0x7fefcec6fff entry_point = 0x7fefceb0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 337 start_va = 0x7fefd5a0000 end_va = 0x7fefd5b3fff entry_point = 0x7fefd5a0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 338 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 351 start_va = 0x21e0000 end_va = 0x225ffff entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 352 start_va = 0x22b0000 end_va = 0x232ffff entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 353 start_va = 0x7fef3190000 end_va = 0x7fef31a3fff entry_point = 0x7fef3190000 region_type = mapped_file name = "vss_ps.dll" filename = "\\Windows\\System32\\vss_ps.dll" (normalized: "c:\\windows\\system32\\vss_ps.dll") Region: id = 354 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 355 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Thread: id = 12 os_tid = 0xac0 Thread: id = 13 os_tid = 0xac4 Thread: id = 14 os_tid = 0xac8 Thread: id = 15 os_tid = 0xacc Thread: id = 16 os_tid = 0xad0 Process: id = "4" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x340c2000" os_pid = "0xad4" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0xabc" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:00081f03" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 356 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 357 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 358 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 359 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 360 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 361 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 362 start_va = 0xd0000 end_va = 0xe0fff entry_point = 0xd0000 region_type = mapped_file name = "vssvc.exe.mui" filename = "\\Windows\\System32\\en-US\\VSSVC.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\vssvc.exe.mui") Region: id = 363 start_va = 0xf0000 end_va = 0xfffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 364 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 365 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 366 start_va = 0x120000 end_va = 0x120fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 367 start_va = 0x130000 end_va = 0x130fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 368 start_va = 0x1b0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 369 start_va = 0x230000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 370 start_va = 0x390000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 371 start_va = 0x490000 end_va = 0x617fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 372 start_va = 0x620000 end_va = 0x7a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 373 start_va = 0x7b0000 end_va = 0x86ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 374 start_va = 0x870000 end_va = 0xc62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 375 start_va = 0xcd0000 end_va = 0xd4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 376 start_va = 0xd50000 end_va = 0xdcffff entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 377 start_va = 0xe70000 end_va = 0xeeffff entry_point = 0x0 region_type = private name = "private_0x0000000000e70000" filename = "" Region: id = 378 start_va = 0xf10000 end_va = 0xf8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 379 start_va = 0xf90000 end_va = 0x100ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 380 start_va = 0x1010000 end_va = 0x12defff entry_point = 0x1010000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 381 start_va = 0x12e0000 end_va = 0x135ffff entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 382 start_va = 0x77450000 end_va = 0x77549fff entry_point = 0x77450000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 383 start_va = 0x77550000 end_va = 0x7766efff entry_point = 0x77550000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 384 start_va = 0x77670000 end_va = 0x77818fff entry_point = 0x77670000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 385 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 386 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 387 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 388 start_va = 0xffbe0000 end_va = 0xffd6afff entry_point = 0xffbe0000 region_type = mapped_file name = "vssvc.exe" filename = "\\Windows\\System32\\VSSVC.exe" (normalized: "c:\\windows\\system32\\vssvc.exe") Region: id = 389 start_va = 0x7fef3190000 end_va = 0x7fef31a3fff entry_point = 0x7fef3190000 region_type = mapped_file name = "vss_ps.dll" filename = "\\Windows\\System32\\vss_ps.dll" (normalized: "c:\\windows\\system32\\vss_ps.dll") Region: id = 390 start_va = 0x7fef48e0000 end_va = 0x7fef48f3fff entry_point = 0x7fef48e0000 region_type = mapped_file name = "xolehlp.dll" filename = "\\Windows\\System32\\xolehlp.dll" (normalized: "c:\\windows\\system32\\xolehlp.dll") Region: id = 391 start_va = 0x7fef4900000 end_va = 0x7fef4908fff entry_point = 0x7fef4900000 region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 392 start_va = 0x7fef4910000 end_va = 0x7fef4919fff entry_point = 0x7fef4910000 region_type = mapped_file name = "virtdisk.dll" filename = "\\Windows\\System32\\virtdisk.dll" (normalized: "c:\\windows\\system32\\virtdisk.dll") Region: id = 393 start_va = 0x7fef79b0000 end_va = 0x7fef79c6fff entry_point = 0x7fef79b0000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 394 start_va = 0x7fef79d0000 end_va = 0x7fef7b7ffff entry_point = 0x7fef79d0000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 395 start_va = 0x7fefafd0000 end_va = 0x7fefb036fff entry_point = 0x7fefafd0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 396 start_va = 0x7fefb070000 end_va = 0x7fefb088fff entry_point = 0x7fefb070000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 397 start_va = 0x7fefb7c0000 end_va = 0x7fefb7d3fff entry_point = 0x7fefb7c0000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 398 start_va = 0x7fefb7e0000 end_va = 0x7fefb7f4fff entry_point = 0x7fefb7e0000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 399 start_va = 0x7fefb800000 end_va = 0x7fefb80bfff entry_point = 0x7fefb800000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 400 start_va = 0x7fefb810000 end_va = 0x7fefb825fff entry_point = 0x7fefb810000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 401 start_va = 0x7fefb850000 end_va = 0x7fefb868fff entry_point = 0x7fefb850000 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 402 start_va = 0x7fefb870000 end_va = 0x7fefb8bffff entry_point = 0x7fefb870000 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 403 start_va = 0x7fefc0a0000 end_va = 0x7fefc0bcfff entry_point = 0x7fefc0a0000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 404 start_va = 0x7fefc780000 end_va = 0x7fefc78bfff entry_point = 0x7fefc780000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 405 start_va = 0x7fefcbb0000 end_va = 0x7fefcbf6fff entry_point = 0x7fefcbb0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 406 start_va = 0x7fefceb0000 end_va = 0x7fefcec6fff entry_point = 0x7fefceb0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 407 start_va = 0x7fefd0a0000 end_va = 0x7fefd0cefff entry_point = 0x7fefd0a0000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 408 start_va = 0x7fefd150000 end_va = 0x7fefd163fff entry_point = 0x7fefd150000 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 409 start_va = 0x7fefd3b0000 end_va = 0x7fefd3d2fff entry_point = 0x7fefd3b0000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 410 start_va = 0x7fefd4b0000 end_va = 0x7fefd4befff entry_point = 0x7fefd4b0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 411 start_va = 0x7fefd5a0000 end_va = 0x7fefd5b3fff entry_point = 0x7fefd5a0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 412 start_va = 0x7fefd670000 end_va = 0x7fefd6a5fff entry_point = 0x7fefd670000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 413 start_va = 0x7fefd900000 end_va = 0x7fefd919fff entry_point = 0x7fefd900000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 414 start_va = 0x7fefd920000 end_va = 0x7fefd98afff entry_point = 0x7fefd920000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 415 start_va = 0x7fefdb10000 end_va = 0x7fefdbaefff entry_point = 0x7fefdb10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 416 start_va = 0x7fefdbb0000 end_va = 0x7fefdc86fff entry_point = 0x7fefdbb0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 417 start_va = 0x7fefdc90000 end_va = 0x7fefdcf6fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 418 start_va = 0x7fefdd00000 end_va = 0x7fefddc8fff entry_point = 0x7fefdd00000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 419 start_va = 0x7fefddf0000 end_va = 0x7fefdff2fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 420 start_va = 0x7fefe000000 end_va = 0x7fefe098fff entry_point = 0x7fefe000000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 421 start_va = 0x7fefe0a0000 end_va = 0x7fefe1a8fff entry_point = 0x7fefe0a0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 422 start_va = 0x7fefe330000 end_va = 0x7fefe34efff entry_point = 0x7fefe330000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 423 start_va = 0x7fefe350000 end_va = 0x7fefe35dfff entry_point = 0x7fefe350000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 424 start_va = 0x7feff0f0000 end_va = 0x7feff2c6fff entry_point = 0x7feff0f0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 425 start_va = 0x7feff2e0000 end_va = 0x7feff350fff entry_point = 0x7feff2e0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 426 start_va = 0x7feff740000 end_va = 0x7feff81afff entry_point = 0x7feff740000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 427 start_va = 0x7feff820000 end_va = 0x7feff94cfff entry_point = 0x7feff820000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 428 start_va = 0x7feff950000 end_va = 0x7feff97dfff entry_point = 0x7feff950000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 429 start_va = 0x7feff990000 end_va = 0x7feff990fff entry_point = 0x7feff990000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 430 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 431 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 432 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 433 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 434 start_va = 0x7fffffd7000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 435 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 436 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 437 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 438 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 439 start_va = 0x7fefbf70000 end_va = 0x7fefc09bfff entry_point = 0x7fefbf70000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 440 start_va = 0x7fef3100000 end_va = 0x7fef3184fff entry_point = 0x7fef3100000 region_type = mapped_file name = "catsrvut.dll" filename = "\\Windows\\System32\\catsrvut.dll" (normalized: "c:\\windows\\system32\\catsrvut.dll") Region: id = 441 start_va = 0x7fef31c0000 end_va = 0x7fef31cbfff entry_point = 0x7fef31c0000 region_type = mapped_file name = "mfcsubs.dll" filename = "\\Windows\\System32\\mfcsubs.dll" (normalized: "c:\\windows\\system32\\mfcsubs.dll") Thread: id = 17 os_tid = 0xaf4 Thread: id = 18 os_tid = 0xaf0 Thread: id = 19 os_tid = 0xaec Thread: id = 20 os_tid = 0xae8 Thread: id = 21 os_tid = 0xae4 Thread: id = 22 os_tid = 0xae0 Thread: id = 23 os_tid = 0xad8 Thread: id = 24 os_tid = 0xb08 Thread: id = 33 os_tid = 0xbc4 Thread: id = 36 os_tid = 0x484 Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x33ecc000" os_pid = "0xb00" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0xad4" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:000823e4" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 442 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 443 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 444 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 445 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 446 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 447 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 448 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 449 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 450 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 451 start_va = 0x110000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 452 start_va = 0x220000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 453 start_va = 0x320000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 454 start_va = 0x430000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 455 start_va = 0x4a0000 end_va = 0x51ffff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 456 start_va = 0x520000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 457 start_va = 0x5a0000 end_va = 0x65ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 458 start_va = 0x700000 end_va = 0x77ffff entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 459 start_va = 0x780000 end_va = 0xa4efff entry_point = 0x780000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 460 start_va = 0xa50000 end_va = 0xbd7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 461 start_va = 0xbe0000 end_va = 0xd60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 462 start_va = 0xd70000 end_va = 0x1162fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d70000" filename = "" Region: id = 463 start_va = 0x1280000 end_va = 0x12fffff entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 464 start_va = 0x13f0000 end_va = 0x146ffff entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 465 start_va = 0x77450000 end_va = 0x77549fff entry_point = 0x77450000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 466 start_va = 0x77550000 end_va = 0x7766efff entry_point = 0x77550000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 467 start_va = 0x77670000 end_va = 0x77818fff entry_point = 0x77670000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 468 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 469 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 470 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 471 start_va = 0xff1c0000 end_va = 0xff1cafff entry_point = 0xff1c0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 472 start_va = 0x7feee440000 end_va = 0x7feee4c1fff entry_point = 0x7feee440000 region_type = mapped_file name = "swprv.dll" filename = "\\Windows\\System32\\swprv.dll" (normalized: "c:\\windows\\system32\\swprv.dll") Region: id = 473 start_va = 0x7fef3190000 end_va = 0x7fef31a3fff entry_point = 0x7fef3190000 region_type = mapped_file name = "vss_ps.dll" filename = "\\Windows\\System32\\vss_ps.dll" (normalized: "c:\\windows\\system32\\vss_ps.dll") Region: id = 474 start_va = 0x7fef4900000 end_va = 0x7fef4908fff entry_point = 0x7fef4900000 region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 475 start_va = 0x7fef4910000 end_va = 0x7fef4919fff entry_point = 0x7fef4910000 region_type = mapped_file name = "virtdisk.dll" filename = "\\Windows\\System32\\virtdisk.dll" (normalized: "c:\\windows\\system32\\virtdisk.dll") Region: id = 476 start_va = 0x7fef79b0000 end_va = 0x7fef79c6fff entry_point = 0x7fef79b0000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 477 start_va = 0x7fefb070000 end_va = 0x7fefb088fff entry_point = 0x7fefb070000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 478 start_va = 0x7fefcbb0000 end_va = 0x7fefcbf6fff entry_point = 0x7fefcbb0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 479 start_va = 0x7fefceb0000 end_va = 0x7fefcec6fff entry_point = 0x7fefceb0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 480 start_va = 0x7fefd4b0000 end_va = 0x7fefd4befff entry_point = 0x7fefd4b0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 481 start_va = 0x7fefd5a0000 end_va = 0x7fefd5b3fff entry_point = 0x7fefd5a0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 482 start_va = 0x7fefd920000 end_va = 0x7fefd98afff entry_point = 0x7fefd920000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 483 start_va = 0x7fefdb10000 end_va = 0x7fefdbaefff entry_point = 0x7fefdb10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 484 start_va = 0x7fefdbb0000 end_va = 0x7fefdc86fff entry_point = 0x7fefdbb0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 485 start_va = 0x7fefdc90000 end_va = 0x7fefdcf6fff entry_point = 0x7fefdc90000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 486 start_va = 0x7fefdd00000 end_va = 0x7fefddc8fff entry_point = 0x7fefdd00000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 487 start_va = 0x7fefddf0000 end_va = 0x7fefdff2fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 488 start_va = 0x7fefe000000 end_va = 0x7fefe098fff entry_point = 0x7fefe000000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 489 start_va = 0x7fefe0a0000 end_va = 0x7fefe1a8fff entry_point = 0x7fefe0a0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 490 start_va = 0x7fefe330000 end_va = 0x7fefe34efff entry_point = 0x7fefe330000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 491 start_va = 0x7fefe350000 end_va = 0x7fefe35dfff entry_point = 0x7fefe350000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 492 start_va = 0x7feff740000 end_va = 0x7feff81afff entry_point = 0x7feff740000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 493 start_va = 0x7feff820000 end_va = 0x7feff94cfff entry_point = 0x7feff820000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 494 start_va = 0x7feff950000 end_va = 0x7feff97dfff entry_point = 0x7feff950000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 495 start_va = 0x7feff990000 end_va = 0x7feff990fff entry_point = 0x7feff990000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 496 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 497 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 498 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 499 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 500 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 501 start_va = 0x7fffffdb000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 502 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 503 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 504 start_va = 0x7fef79d0000 end_va = 0x7fef7b7ffff entry_point = 0x7fef79d0000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Thread: id = 25 os_tid = 0xb1c Thread: id = 26 os_tid = 0xb18 Thread: id = 27 os_tid = 0xb14 Thread: id = 28 os_tid = 0xb10 Thread: id = 29 os_tid = 0xb0c Thread: id = 30 os_tid = 0xb04 Thread: id = 34 os_tid = 0xbc8 Thread: id = 37 os_tid = 0x368 Process: id = "6" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "kernel_analysis" parent_id = "0" os_parent_pid = "0x0" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 646 start_va = 0x10000 end_va = 0x32fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 647 start_va = 0x77590000 end_va = 0x77738fff entry_point = 0x77590000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 648 start_va = 0x77770000 end_va = 0x778effff entry_point = 0x77770000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 649 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Thread: id = 38 os_tid = 0x8 Thread: id = 39 os_tid = 0xc0 Thread: id = 40 os_tid = 0x40 Thread: id = 41 os_tid = 0xc8 Thread: id = 42 os_tid = 0x5c Thread: id = 43 os_tid = 0x4c Thread: id = 44 os_tid = 0x3c Thread: id = 45 os_tid = 0x64 Thread: id = 46 os_tid = 0xc4 Thread: id = 47 os_tid = 0x48 Thread: id = 48 os_tid = 0x2c Thread: id = 49 os_tid = 0x28 Thread: id = 50 os_tid = 0x38 Thread: id = 51 os_tid = 0xb8 Thread: id = 52 os_tid = 0xf4 Thread: id = 53 os_tid = 0xfc Thread: id = 54 os_tid = 0x10c Thread: id = 55 os_tid = 0x100 Thread: id = 56 os_tid = 0x98 Thread: id = 57 os_tid = 0x88 Thread: id = 58 os_tid = 0x78 Thread: id = 59 os_tid = 0x8c Thread: id = 60 os_tid = 0x90 Thread: id = 61 os_tid = 0x9c Thread: id = 62 os_tid = 0x34 Thread: id = 63 os_tid = 0x24 Thread: id = 64 os_tid = 0x114 Thread: id = 65 os_tid = 0x84 Thread: id = 66 os_tid = 0x0 Thread: id = 67 os_tid = 0xb0 Thread: id = 68 os_tid = 0x60 Thread: id = 69 os_tid = 0x104 Thread: id = 70 os_tid = 0x12c Thread: id = 71 os_tid = 0x130 Thread: id = 72 os_tid = 0x134 Thread: id = 73 os_tid = 0x138 Thread: id = 74 os_tid = 0x174 Thread: id = 75 os_tid = 0xdc Thread: id = 76 os_tid = 0xf8 Thread: id = 77 os_tid = 0x68 Thread: id = 78 os_tid = 0x74 Thread: id = 79 os_tid = 0x268 Thread: id = 80 os_tid = 0x2e4 Thread: id = 81 os_tid = 0x80 Thread: id = 82 os_tid = 0x3b4 Thread: id = 83 os_tid = 0xbc Thread: id = 84 os_tid = 0x450 Thread: id = 85 os_tid = 0x46c Thread: id = 86 os_tid = 0x4f8 Thread: id = 87 os_tid = 0x524 Thread: id = 88 os_tid = 0x52c Thread: id = 89 os_tid = 0x578 Thread: id = 90 os_tid = 0x20 Thread: id = 91 os_tid = 0x5cc Thread: id = 92 os_tid = 0x5dc Thread: id = 93 os_tid = 0x5e8 Thread: id = 94 os_tid = 0x5f8 Thread: id = 95 os_tid = 0x608 Thread: id = 96 os_tid = 0x60c Thread: id = 97 os_tid = 0x640 Thread: id = 98 os_tid = 0xd4 Thread: id = 99 os_tid = 0x678 Thread: id = 100 os_tid = 0x474 Thread: id = 101 os_tid = 0x94 Thread: id = 102 os_tid = 0x470 Thread: id = 103 os_tid = 0x6ac Thread: id = 104 os_tid = 0x1c Thread: id = 105 os_tid = 0x788 Thread: id = 106 os_tid = 0x7a0